General
- Target: e41aeeffed5f382796b583fde60b2467_JaffaCakes118
- Size: 660KB
- Sample: 240407-fjy8nade3s
- MD5: e41aeeffed5f382796b583fde60b2467
- SHA1: a0b2243ea061ea35515d78a6994346f58e394f75
- SHA256: fb40c3571f6f3b79066d062c6890c11fdc6ec07da31adfc3c4c50f60cda3b541
- SHA512: d689ecfb22c42a926407cda067520c2ff8911ca440ef85f4a2ca847432154918cdfdb8b299bd53f11eac4593b2b4ef1c39fd9b1f84d71852ad9b9559b99494a5
- SSDEEP: 12288:UXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UR:CnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JB
Behavioral task: behavioral1
- Sample: e41aeeffed5f382796b583fde60b2467_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: e41aeeffed5f382796b583fde60b2467_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: darkcomet
- Guest16
- 192.168.2.100:100
- DC_MUTEX-2ENDG4N
- InstallPath: MSDCSC\msdcsc.exe
- gencode: oN6Wn8XyCdey
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: e41aeeffed5f382796b583fde60b2467_JaffaCakes118 (hashes as listed under General above)
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application