General

Target: 573dd6b96b2cb193e39ab445b2e83394_JaffaCakes118
Size: 659KB
Sample: 240518-2sr2lacb8t
MD5: 573dd6b96b2cb193e39ab445b2e83394
SHA1: 00a40367a59949abf338a9ec2f8f9e21f46f62aa
SHA256: daadde44c8f95623f5d49dee98b69a9e929a4e15c02bbaef9ade1a3a5c8362f6
SHA512: 73b96a148fc898011ff4faff2eff125fc55ef9bf86c1efc3897edfc9082878d45c953194f7b51c9cbf819c6486e31701a4116ceda5b47c2e185892c5d7a1a15a
SSDEEP: 12288:S9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZK3/X:+iBIGkbxqEcjsWiDxguehC2+
Behavioral task

Task: behavioral1
Sample: 573dd6b96b2cb193e39ab445b2e83394_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted family: darkcomet (DarkComet RAT)
Botnet / campaign ID: Guest17
C2: mining1399.no-ip.biz:8080 (a dynamic-DNS hostname, so the resolved IP address can change between runs)
Mutex: DC_MUTEX-PB1VQWK
InstallPath: Memory\System.exe
gencode: jb09jTdM48qG
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate (the Run value name used for persistence; see "Adds Run key to start application" below)
Targets

Target: 573dd6b96b2cb193e39ab445b2e83394_JaffaCakes118 (659KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
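The configuration and signatures above give a compact indicator set (file hashes, C2 host and port, mutex, install path, Run value name, Winlogon modification). The script below is an added example, not part of the sandbox report, that turns those indicators into offline hunting checks: it verifies a file's digests against the report, scans a .reg-style registry export for the Run value and Winlogon writes, matches mutex names (exact value plus the generic DC_MUTEX- prefix DarkComet builds use), and greps a DNS/connection log for the C2 host. The registry export, mutex list, log lines and file bytes in the block are constructed test data; in particular the report does not say which Winlogon value is modified, so the UserInit line is an assumption used only to exercise the check.

```python
"""Hunt for the DarkComet indicators listed in this report (added example).

Indicators are copied from the report; all sample inputs are CONSTRUCTED.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "573dd6b96b2cb193e39ab445b2e83394",
    "sha1": "00a40367a59949abf338a9ec2f8f9e21f46f62aa",
    "sha256": "daadde44c8f95623f5d49dee98b69a9e929a4e15c02bbaef9ade1a3a5c8362f6",
}
C2_HOST, C2_PORT = "mining1399.no-ip.biz", 8080
MUTEX = "DC_MUTEX-PB1VQWK"
INSTALL_PATH = r"Memory\System.exe"
RUN_KEY_NAME = "MicroUpdate"

# Registry locations the signatures refer to (Run key persistence, Winlogon).
RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True only if all three digests match; a single MD5 hit is not enough."""
    return hash_file_bytes(data) == REPORT_HASHES


def scan_registry_export(lines: List[str]) -> List[str]:
    """Scan .reg-style lines ([hive\\key] headers, then "name"="data") for the
    MicroUpdate Run value, any value pointing at ...\\Memory\\System.exe, and
    any value written under the Winlogon key."""
    findings, current_key = [], ""
    for line in lines:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if not m:
            continue
        name, data = m.groups()
        key_l = current_key.lower()
        data_l = data.replace("\\\\", "\\").lower()  # .reg exports double backslashes
        if name == RUN_KEY_NAME and any(k.lower() in key_l for k in RUN_KEYS):
            findings.append(f"run-key persistence: {current_key}\\{name} = {data}")
        if INSTALL_PATH.lower() in data_l:
            findings.append(f"install path referenced: {current_key}\\{name} = {data}")
        if WINLOGON_KEY.lower() in key_l:
            findings.append(f"winlogon value written: {current_key}\\{name} = {data}")
    return findings


def scan_mutexes(names: List[str]) -> List[str]:
    """Match the report's mutex and the generic DarkComet DC_MUTEX- prefix."""
    return [n for n in names if n == MUTEX or n.startswith("DC_MUTEX-")]


def scan_dns_log(lines: List[str]) -> List[str]:
    """Return log lines that mention the C2 hostname."""
    return [l for l in lines if C2_HOST in l.lower()]


# CONSTRUCTED sample inputs so the script runs offline.
SAMPLE_REG = [
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"MicroUpdate"="C:\\Users\\victim\\Documents\\Memory\\System.exe"',
    r'"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"',
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]",
    # Assumed value name; the report only says Winlogon is modified.
    r'"UserInit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\Memory\\System.exe"',
]
SAMPLE_MUTEXES = ["DC_MUTEX-PB1VQWK", "Global\\MsftSession", "DC_MUTEX-ABC123"]
SAMPLE_DNS = [
    "2024-05-18T12:00:01 query A mining1399.no-ip.biz",
    "2024-05-18T12:00:02 query A update.microsoft.com",
    "2024-05-18T12:00:03 connect 203.0.113.5:8080 (mining1399.no-ip.biz)",
]


def run_all() -> Dict[str, object]:
    """Run every check over the constructed inputs and return the findings."""
    return {
        "sample_hash_match": matches_report_sample(b"not the real sample"),
        "registry": scan_registry_export(SAMPLE_REG),
        "mutexes": scan_mutexes(SAMPLE_MUTEXES),
        "dns": scan_dns_log(SAMPLE_DNS),
    }


if __name__ == "__main__":
    for k, v in run_all().items():
        print(k, v)
```

The registry scan reports both the Run value and the install path separately, so a renamed Run value still surfaces through the path match, and any write under Winlogon is flagged regardless of value name. Requiring all three digests to agree avoids acting on an MD5-only match.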
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2