General
-
Target
8bb1d40020267fd6a8778c710b4f7976_JaffaCakes118
-
Size
349KB
-
Sample
240601-zbad4sfa22
-
MD5
8bb1d40020267fd6a8778c710b4f7976
-
SHA1
d0c9aa6ee06e72c6c383ab0cd15f1951b961b9d4
-
SHA256
4ad10741fc2da2b3e001f01f04400973f743f3041dd188c7b136b0821460d9ac
-
SHA512
4e99185e84cbdd3bf7086e30f6076965de2c103336cb7be9b55fb46c9365924c61bbda620eab763ecef446e3ea90b4b9e80e4674c908583b9fd7310bfa58e557
-
SSDEEP
6144:bcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37l+KI2RwplSZkOiu9PZ/p:bcW7KEZlPzCy37o4RPNVR
Behavioral task
behavioral1
Sample
8bb1d40020267fd6a8778c710b4f7976_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:7777
DC_MUTEX-GVE82UC
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
a5rLppG3KGsX
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
8bb1d40020267fd6a8778c710b4f7976_JaffaCakes118
-
Size
349KB
-
MD5
8bb1d40020267fd6a8778c710b4f7976
-
SHA1
d0c9aa6ee06e72c6c383ab0cd15f1951b961b9d4
-
SHA256
4ad10741fc2da2b3e001f01f04400973f743f3041dd188c7b136b0821460d9ac
-
SHA512
4e99185e84cbdd3bf7086e30f6076965de2c103336cb7be9b55fb46c9365924c61bbda620eab763ecef446e3ea90b4b9e80e4674c908583b9fd7310bfa58e557
-
SSDEEP
6144:bcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37l+KI2RwplSZkOiu9PZ/p:bcW7KEZlPzCy37o4RPNVR
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1