General
Target: 11b439932d089a0cf681b2c01df27124_JaffaCakes118
Size: 756KB
Sample: 240626-mmvg7stbrj
MD5: 11b439932d089a0cf681b2c01df27124
SHA1: d98de33d66073d8cca48f74d39ab3dce5b364c70
SHA256: 4a700932d9a4d72e48d4a710150c8c56b7d42b3a86a1c128f76f8e7038cc55f2
SHA512: a05d7e03e6ab617d7ce5ffbef60ae47a972bf5da408de26bcf64effcb914a4cbdad281221f2c5f4d5deedb2422abfe3f593287c6b86f3c5fcfab0b96ea7888ab
SSDEEP: 12288:ZBKyEkAzx2AfzhaEjLae+MMBuUyxg/jqGt6Mi8aOfrmfNi/vrf:ayY2w5GjqGt6eBf1/v
Static task: static1
Behavioral task: behavioral1
Sample: 11b439932d089a0cf681b2c01df27124_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 11b439932d089a0cf681b2c01df27124_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: darkcomet
Botnet: tailex-serv1
C2: dk.salesasia.info:5622
C2: 50.31.0.228:5622
Mutex: DC_MUTEX-PRWHYG9
gencode: l4uWLvpxxyhk
install: false
offline_keylogger: true
persistence: false
Targets
Target: 11b439932d089a0cf681b2c01df27124_JaffaCakes118
Size: 756KB
MD5: 11b439932d089a0cf681b2c01df27124
SHA1: d98de33d66073d8cca48f74d39ab3dce5b364c70
SHA256: 4a700932d9a4d72e48d4a710150c8c56b7d42b3a86a1c128f76f8e7038cc55f2
SHA512: a05d7e03e6ab617d7ce5ffbef60ae47a972bf5da408de26bcf64effcb914a4cbdad281221f2c5f4d5deedb2422abfe3f593287c6b86f3c5fcfab0b96ea7888ab
SSDEEP: 12288:ZBKyEkAzx2AfzhaEjLae+MMBuUyxg/jqGt6Mi8aOfrmfNi/vrf:ayY2w5GjqGt6eBf1/v
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)