General
-
Target
1c51009180edac79522cb68fa98a222a_JaffaCakes118
-
Size
1.1MB
-
Sample
240701-yrnq1awgpd
-
MD5
1c51009180edac79522cb68fa98a222a
-
SHA1
e604d84acb3d210068ac03eca0835bb59742d25b
-
SHA256
87eb5fe4706ba8d9533cf7166839c498019b04ec82f3f8ffabf49777560101b1
-
SHA512
b8849ad16b55173e8eb86c96530bff122eab3e6bc660ed5fdc503ca4ef924e7beb190105102f5b7402911b970520378b4ca3c5983a3e9b3ac642d841483c44d9
-
SSDEEP
24576:oihAZWFQD3jTondKF90BdMvZSnwwjtiLDMJx:oaQD3j0AKqvZSwq0I
Static task
static1
Behavioral task
behavioral1
Sample
1c51009180edac79522cb68fa98a222a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1c51009180edac79522cb68fa98a222a_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
Test
tast.no-ip.biz:82
DCMIN_MUTEX-G2M7KRL
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
pvNzhST4bytK
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
1c51009180edac79522cb68fa98a222a_JaffaCakes118
-
Size
1.1MB
-
MD5
1c51009180edac79522cb68fa98a222a
-
SHA1
e604d84acb3d210068ac03eca0835bb59742d25b
-
SHA256
87eb5fe4706ba8d9533cf7166839c498019b04ec82f3f8ffabf49777560101b1
-
SHA512
b8849ad16b55173e8eb86c96530bff122eab3e6bc660ed5fdc503ca4ef924e7beb190105102f5b7402911b970520378b4ca3c5983a3e9b3ac642d841483c44d9
-
SSDEEP
24576:oihAZWFQD3jTondKF90BdMvZSnwwjtiLDMJx:oaQD3j0AKqvZSwq0I
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-