General
Target: 27f2bffd80e144f0b738ff6659c3b8c3_JaffaCakes118
Size: 252KB
Sample: 240509-ddxrjaef4v
MD5: 27f2bffd80e144f0b738ff6659c3b8c3
SHA1: 388aff586e3ec2c5c862596ec16abdfdbdfcb98f
SHA256: 4c9e11389a51bbb1538c3c57a469be9256812e9be5ced4f06ba6c100668ddde1
SHA512: a57f5163ef3d35d000b0f9d5caf84a65ebce2d3cdfe61468fb13d976541caab106c9fab32392c4826e5bedd87ae29c9a0eb53e4281bec0f0d0e856b6660be1c2
SSDEEP: 6144:DcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQU:DcWkbgTYWnYnt/IDYhPJ
Behavioral task
behavioral1
Sample: 27f2bffd80e144f0b738ff6659c3b8c3_JaffaCakes118.exe
Resource: win7-20240419-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16 (the DarkComet builder's default campaign ID)
C2: 127.0.0.1:1604 (loopback on DarkComet's default port 1604; this build cannot reach an external controller, so no outbound C2 traffic is expected from the run)
Mutex: DC_MUTEX-15PZK2D
InstallPath: MSDCSC\msdcsc.exe
gencode: WXuth936C97A
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
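The Malware Config block above is what a config extractor pulls out of the DarkComet stub. As an added example (not code from the sandbox, from DarkComet, or from any decoder project), the following shows the path such an extractor takes: RC4-decrypt the DCDATA resource and map DarkComet's own field names onto the labels used in this report. Assumptions: the RC4 key string for the 5.1 branch with no builder password (`#KCMDDC51#-890`), the DCDATA `NAME={value}` line format and the field names SID, NETDATA, MUTEX, EDTPATH, GENCODE, INSTALL, OFFLINEK, PERSINST and KEYNAME as documented by public decoders, and a plaintext constructed here to mirror this report's values and encrypted inside the script so it runs offline. Carving the DCDATA resource out of the PE (e.g. with pefile) is left out; the functions `rc4`, `parse_darkcomet_config`, `decrypt_and_parse` and `c2_is_loopback` are names chosen for this example.

```python
import re

# Assumption: RC4 key DarkComet 5.1 uses for its DCDATA config resource when the
# builder was run without a password (a password would be appended to it).
DARKCOMET_RC4_KEY = b"#KCMDDC51#-890"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same routine encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Assumed DarkComet DCDATA field names -> the labels the report uses.
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "EDTPATH": "InstallPath",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
    "KEYNAME": "reg_key",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def parse_darkcomet_config(plaintext: str) -> dict:
    """Turn decrypted 'NAME={value}' lines into the report's field set."""
    cfg = {}
    for line in plaintext.splitlines():
        m = re.fullmatch(r"([A-Z0-9_]+)=\{(.*)\}", line.strip())
        if not m:
            continue  # '#BEGIN ...' / '#EOF ...' framing lines carry no fields
        name = FIELD_MAP.get(m.group(1))
        if name is None:
            continue  # fields the report does not surface (FWB, COMBOPATH, ...)
        value = m.group(2)
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def decrypt_and_parse(dcdata: bytes, key: bytes = DARKCOMET_RC4_KEY) -> dict:
    """Decrypt a carved DCDATA blob and parse it."""
    return parse_darkcomet_config(rc4(key, dcdata).decode("latin-1"))


def c2_is_loopback(cfg: dict) -> bool:
    """A loopback C2 means the build cannot beacon out of the sandbox."""
    host = cfg.get("c2", "").rsplit(":", 1)[0]
    return host in ("127.0.0.1", "localhost")


# Constructed DCDATA plaintext mirroring this report's values; encrypted here
# only so the decrypt-and-parse path can be exercised offline.
_CONSTRUCTED_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-15PZK2D}\r\n"
    "SID={Guest16}\r\n"
    "FWB={0}\r\n"
    "NETDATA={127.0.0.1:1604}\r\n"
    "GENCODE={WXuth936C97A}\r\n"
    "INSTALL={1}\r\n"
    "COMBOPATH={7}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
CONSTRUCTED_DCDATA = rc4(DARKCOMET_RC4_KEY, _CONSTRUCTED_PLAINTEXT.encode("latin-1"))

if __name__ == "__main__":
    config = decrypt_and_parse(CONSTRUCTED_DCDATA)
    for field, value in config.items():
        print(f"{field}: {value}")
    if c2_is_loopback(config):
        print("C2 is loopback: expect no external beaconing from this build")
```

On a real stub, try the key with the builder password appended if the decrypted text does not start with the `#BEGIN` framing; a wrong key yields bytes that match no `NAME={value}` line, so an empty result from `parse_darkcomet_config` is the signal to try the next key.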
Targets
Target: 27f2bffd80e144f0b738ff6659c3b8c3_JaffaCakes118 (252KB; hashes as listed under General)
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
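Four of the signatures above are registry writes, and together with the extracted InstallPath and reg_key they give a host-side check that works outside the sandbox. As an added example (not the sandbox's own signature logic), the following classifies Sysmon EID 13-style "value set" records against those four signatures and then asks whether the observed Run value name and writing binary agree with the extracted config. Assumptions: the registry paths (Policies\System DisableRegistryTools and DisableTaskMgr, the Winlogon UserInit and Shell values, the CurrentVersion\Run key) come from public DarkComet analyses, not from this report; the records are constructed, with the last one benign; the function names are chosen for this example.

```python
import re

# Registry locations DarkComet is known to touch (assumed from public analyses;
# the report names the behaviours but not the paths). Matched lower-case.
POLICY_SYSTEM = "\\currentversion\\policies\\system\\"
WINLOGON = "\\windows nt\\currentversion\\winlogon\\"
RUN_KEY = "\\currentversion\\run\\"
# Stock values of the two Winlogon entries that persistence abuses.
WINLOGON_DEFAULTS = {
    "userinit": "c:\\windows\\system32\\userinit.exe,",
    "shell": "explorer.exe",
}


def _dword(details: str):
    """Pull the integer out of a Sysmon-style 'DWORD (0x00000001)' string."""
    m = re.search(r"0x([0-9a-f]+)", details, re.I)
    return int(m.group(1), 16) if m else None


def classify_registry_event(target: str, details: str) -> list:
    """Return the report's signature names that one 'value set' event satisfies."""
    t = target.lower()
    name = t.rsplit("\\", 1)[-1]
    hits = []
    if t.endswith(POLICY_SYSTEM + "disableregistrytools") and _dword(details) == 1:
        hits.append("Disables RegEdit via registry modification")
    if t.endswith(POLICY_SYSTEM + "disabletaskmgr") and _dword(details) == 1:
        hits.append("Disables Task Manager via registry modification")
    if (WINLOGON in t and name in WINLOGON_DEFAULTS
            and details.strip().lower() != WINLOGON_DEFAULTS[name]):
        hits.append("Modifies WinLogon for persistence")
    if RUN_KEY in t:
        hits.append("Adds Run key to start application")
    return hits


def scan_events(events: list) -> dict:
    """Map each triggered signature to the images (writing processes) behind it."""
    report = {}
    for ev in events:
        for sig in classify_registry_event(ev["target"], ev["details"]):
            report.setdefault(sig, []).append(ev["image"])
    return report


def corroborates_config(events: list, install_path: str, reg_key: str) -> bool:
    """True when the Run value name and the writing binary match the extracted config."""
    run_names = {e["target"].rsplit("\\", 1)[-1]
                 for e in events if RUN_KEY in e["target"].lower()}
    images = {e["image"].lower() for e in events}
    return reg_key in run_names and any(i.endswith(install_path.lower()) for i in images)


# Constructed Sysmon EID 13 (RegistryEvent: value set) style records, not taken
# from the sandbox run; the last one is benign and must match nothing.
IMPLANT = "C:\\Users\\Admin\\AppData\\Roaming\\MSDCSC\\msdcsc.exe"
CONSTRUCTED_EVENTS = [
    {"image": IMPLANT, "details": "DWORD (0x00000001)",
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools"},
    {"image": IMPLANT, "details": "DWORD (0x00000001)",
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr"},
    {"image": IMPLANT, "details": "C:\\Windows\\system32\\userinit.exe," + IMPLANT,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserInit"},
    {"image": IMPLANT, "details": IMPLANT,
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate"},
    {"image": "C:\\Windows\\explorer.exe", "details": "DWORD (0x00000001)",
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]

if __name__ == "__main__":
    for sig, images in scan_events(CONSTRUCTED_EVENTS).items():
        print(f"{sig}: {', '.join(images)}")
    print("matches extracted config:",
          corroborates_config(CONSTRUCTED_EVENTS, "MSDCSC\\msdcsc.exe", "MicroUpdate"))
```

The Winlogon rule compares against the stock value rather than looking for the implant path, so it also catches a future build with a different InstallPath; the Run-key rule fires on any write under Run and relies on `corroborates_config` to tie the value name back to this sample's reg_key.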