General
Target: 2c92fa8e43a76c9e0ce8f0bfaabf1c33_JaffaCakes118
Size: 235KB
Sample: 240510-bdnshscg85
MD5: 2c92fa8e43a76c9e0ce8f0bfaabf1c33
SHA1: a094988f5ef3e42f032de97d1770e314ed672502
SHA256: 08aacd7ef1a400cc83e1a3f70c77057d993887b856e65499736bc4959282b79f
SHA512: 10fbb628fa0ab0bee1e4864b10410ad7b21be6091634e3a93041c912ce14dd96056bfcfcd0cc7e8a44bdbc8f7e72729b9316615bd1e1d8e1cf76827abdddabc0
SSDEEP: 6144:pYLVBjW718MqFzc1jKr9texFv3l/TusFEBOnIS:iP671TozcdyevNT/eOI
Static task: static1
Behavioral task: behavioral1
Sample: 2c92fa8e43a76c9e0ce8f0bfaabf1c33_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
darkcomet
Guest16
82.202.167.202:1610
82.146.51.26:1610
DC_MUTEX-JCN2C17
InstallPath: MSDCSC\msdcsc.exe
gencode: KjgAjw0E3faK
install: true
offline_keylogger: true
persistence: true
reg_key: Avast
Targets
-
Modifies WinLogon for persistence
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-