General
Target: 6734ed528fd08246dab1055ce7a124de_JaffaCakes118
Size: 853KB
Sample: 240522-n9aa8age9s
MD5: 6734ed528fd08246dab1055ce7a124de
SHA1: 44bcb8e21ea74f5bac9f20daf4772650b4277a6c
SHA256: 20fc91290817d8b9208794e5464bb084d9a63fa96af2e674582a19d3af9d182f
SHA512: 943a05779fc0e9da69a8c2df34ef19c6128a844f7ce1b166515fa0e5416c4c5af7f5928f8cf5d1032f483d3382a350809fda455ee3b90510a5b465a7f7d7b50c
SSDEEP: 12288:vFRJLb3xdzXFMUO+iEs7sBS+jYr9WZm9++vufVZMIzUBlcYvmIAA5zVZ/7:TdPOPAs9596fVBzUBlvezAFnD
Static task: static1

Behavioral task: behavioral1
Sample: 6734ed528fd08246dab1055ce7a124de_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 6734ed528fd08246dab1055ce7a124de_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: darkcomet
Botnet/campaign ID: Guest16
C2: raptorsdc.duckdns.org:999
Mutex: DC_MUTEX-5WV0Z3A
InstallPath: CCC.exe
gencode: 4nktTL2MmcBp
install: true
offline_keylogger: true
persistence: false
reg_key: Video Card Control Center
Targets
Target: 6734ed528fd08246dab1055ce7a124de_JaffaCakes118
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
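The extracted config and the behavioural signatures above give a practitioner enough to build a host-triage check. The script below is an added example and is not part of the sandbox report: the indicator values (C2 host and port, mutex, install name, Run-key value name) are copied from the Malware Config section, while the event records it scans are constructed Sysmon-style samples, not real telemetry, so it runs offline. The event schema, the family-wide DC_MUTEX pattern, and the choice to treat Winlogon Userinit/Shell writes as persistence are this example's own assumptions. Note that the config's "persistence: false" flag does not mean the sample has no autostart: the reg_key value and the "Adds Run key" and "Modifies WinLogon" signatures show it writes one, so the matcher checks both keys.

```python
"""Match host telemetry against the DarkComet config extracted above.

Added example, not part of the sandbox report. IOC values are copied
verbatim from the report's Malware Config section; SAMPLE_EVENTS are
constructed Sysmon-style records (not real telemetry) so this runs offline.
The event schema, the family-wide mutex pattern and the Winlogon value-name
check are this example's assumptions, not facts taken from the report.
"""
import ntpath
import re

# Indicators from the extracted config (sample-specific, high confidence).
IOC = {
    "c2_host": "raptorsdc.duckdns.org",        # from raptorsdc.duckdns.org:999
    "c2_port": 999,
    "mutex": "DC_MUTEX-5WV0Z3A",
    "install_name": "CCC.exe",                 # InstallPath
    "run_value": "Video Card Control Center",  # reg_key
}

# Registry locations behind the report's "Adds Run key" and
# "Modifies WinLogon for persistence" signatures (case-insensitive tail match).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
WINLOGON_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Assumption: other DarkComet builds use the same DC_MUTEX-<alphanumeric> shape,
# so a loose pattern catches siblings of this sample as a lower-confidence hit.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{6,8}$")


def _basename(path):
    """Case-folded file name of a Windows path; ntpath works on any host OS."""
    return ntpath.basename(path.strip()).lower()


def _references_install(data):
    """True if any comma-separated path in a registry value names CCC.exe."""
    return any(_basename(part) == IOC["install_name"].lower() for part in data.split(","))


def match_event(ev):
    """Return a list of (rule, detail) hits for one event dict."""
    hits = []
    kind = ev.get("type")
    if kind == "dns":
        q = ev.get("query", "").lower().rstrip(".")
        if q == IOC["c2_host"]:
            hits.append(("c2_dns", q))
    elif kind == "netconn":
        host = ev.get("dst_host", "").lower()
        if host == IOC["c2_host"]:
            hits.append(("c2_connect", f"{host}:{ev.get('dst_port')}"))
    elif kind == "registry_set":
        key, value, data = ev.get("key", ""), ev.get("value", ""), ev.get("data", "")
        if RUN_KEY_RE.search(key) and (value == IOC["run_value"] or _references_install(data)):
            hits.append(("run_key_persistence", f"{value} = {data}"))
        elif WINLOGON_RE.search(key) and (value.lower() in ("userinit", "shell")
                                          or _references_install(data)):
            hits.append(("winlogon_persistence", f"{value} = {data}"))
    elif kind == "mutex":
        name = ev.get("name", "")
        if name == IOC["mutex"]:
            hits.append(("mutex_exact", name))
        elif DC_MUTEX_RE.match(name):
            hits.append(("mutex_family", name))
    elif kind == "process":
        image = ev.get("image", "")
        if _basename(image) == IOC["install_name"].lower():
            hits.append(("dropped_exe_executed", image))
    return hits


def triage(events):
    """Run every event through match_event; return {rule: [details]}."""
    findings = {}
    for ev in events:
        for rule, detail in match_event(ev):
            findings.setdefault(rule, []).append(detail)
    return findings


def verdict(findings):
    """Sample-specific indicators (C2 host, exact mutex) decide on their own;
    persistence artefacts alone are only 'suspicious' because many families
    write the same Run and Winlogon values."""
    strong = {"c2_dns", "c2_connect", "mutex_exact"}
    if strong & set(findings):
        return "darkcomet"
    return "suspicious" if findings else "clean"


# Constructed sample events (not real telemetry); the paths are illustrative.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "raptorsdc.duckdns.org"},
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Video Card Control Center", "data": r"C:\Windows\System32\CCC.exe"},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "UserInit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\CCC.exe"},
    {"type": "mutex", "name": "DC_MUTEX-5WV0Z3A"},
    {"type": "mutex", "name": "Global\\BenignUpdaterMutex"},
    {"type": "process", "image": r"C:\Windows\System32\CCC.exe"},
]

if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for rule, details in found.items():
        print(f"{rule}: {details}")
    print("verdict:", verdict(found))
```

The C2 host and exact mutex are the indicators worth alerting on by themselves; the Run-key and Winlogon checks are kept generic on purpose, since other families use the same locations, and a dynamic-DNS host like duckdns.org should be treated as an indicator for this sample only, not for the whole domain.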