General

Target: 272925e4c0eba9578f0ebe562cc03d65_JaffaCakes118
Size: 252KB
Sample: 240508-27pvsafb73
MD5: 272925e4c0eba9578f0ebe562cc03d65
SHA1: 0bd4fe0e3205d9f7c89ee41b31b5da82e6afae0e
SHA256: 0974f0a990ec883c3bd8c26eeed6dc1585f49c60dd10f5d7229e69224df0ab0a
SHA512: f7385975f74c8b603f9b25268a7f3ccd6cbd19f48ec8d0c4e4bfadc94efac5cfbabb2c7e1bb723f4bcca3d992f4956850a9321595dc44af16ea560f8a98a5c40
SSDEEP: 6144:ecNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ:ecWkbgTYWnYnt/IDYhP
Behavioral task: behavioral1

Sample: 272925e4c0eba9578f0ebe562cc03d65_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config

Extracted family: darkcomet
Botnet: Guest16
C2: bibl12345.ddns.net:1604
Mutex: DC_MUTEX-AJ56C7W
InstallPath: MSDCSC\msdcsc.exe
gencode: Yg90cc2DzMYR
install: true
offline_keylogger: true
persistence: true
reg_key: Windows
Targets

Target: 272925e4c0eba9578f0ebe562cc03d65_JaffaCakes118
Size: 252KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
- Create or Modify System Process (2)
- Windows Service (2)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
- Create or Modify System Process (2)
- Windows Service (2)