General
-
Target
f19963d3be14b2814ebb426d696946d1_JaffaCakes118
-
Size
696KB
-
Sample
240415-v218asca53
-
MD5
f19963d3be14b2814ebb426d696946d1
-
SHA1
b59615351092d16bf8351770e5babf14b9e98773
-
SHA256
00c74003c836810249535540ca35991ed322257b34b238815c45ad7c5b798379
-
SHA512
6dc3f6bfa3fd6f065496392ff753b72e47d6440e56d74e669faa963c7d0064655a80e967bdd47c6cf9ff197f7917285988f46e24875394897249dea3523b015a
-
SSDEEP
12288:8Bw47KoNeh77kTqnHu0EVQwmtKJZb5UsdRr3cPYgtjR+SI:8Bw2khAqMWoh5hV2jR+7
Static task
static1
Behavioral task
behavioral1
Sample
f19963d3be14b2814ebb426d696946d1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f19963d3be14b2814ebb426d696946d1_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
darkcomet
Guest16
lujadex.no-ip.org:5250
DC_MUTEX-TSV5AGW
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
2JDQ9S3gs62T
-
install
true
-
offline_keylogger
true
-
password
my974637
-
persistence
false
-
reg_key
WinUpdate
Targets
-
-
Target
f19963d3be14b2814ebb426d696946d1_JaffaCakes118
-
Size
696KB
-
MD5
f19963d3be14b2814ebb426d696946d1
-
SHA1
b59615351092d16bf8351770e5babf14b9e98773
-
SHA256
00c74003c836810249535540ca35991ed322257b34b238815c45ad7c5b798379
-
SHA512
6dc3f6bfa3fd6f065496392ff753b72e47d6440e56d74e669faa963c7d0064655a80e967bdd47c6cf9ff197f7917285988f46e24875394897249dea3523b015a
-
SSDEEP
12288:8Bw47KoNeh77kTqnHu0EVQwmtKJZb5UsdRr3cPYgtjR+SI:8Bw2khAqMWoh5hV2jR+7
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-