General
Target: 136d9001b11fba77ae168bf0f09a7ee5_JaffaCakes118
Size: 1.9MB
Sample: 240626-zseedstcka
MD5: 136d9001b11fba77ae168bf0f09a7ee5
SHA1: b628cc11be2ecb992163a3ab335c0a4e31d2d573
SHA256: f997497b76f240159e28d44b943a40e0ea27b6c4d7b2cdb6dc769d65bbb92544
SHA512: 80ba416964e3402a280b4b9dbe9e4abbfab49f029451dd4f5c1ec80a8cad8cae1438d366436168b6912492fda0108cf28d1ca16fd80d46029aef0c97a47008e3
SSDEEP: 24576:GE0fHw0TS/Tlr+robnykC36QNOhh0/svqus32tt4Onwp8aJRdoUepoLJlPK5Hyep:GE0fQ0TSLV+LSaOI/4FwpRpyHYm+2ah

Static task: static1
Behavioral task: behavioral1
Sample: 136d9001b11fba77ae168bf0f09a7ee5_JaffaCakes118.exe
Resource (analysis VM image): win7-20240419-en
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): Finally
C2: tast.no-ip.biz:82
Mutex: DC_MUTEX-98S0K24
Attributes:
InstallPath: MSDCSC\msdcsc.exe
gencode: j6R1c8a9GWJZ
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 136d9001b11fba77ae168bf0f09a7ee5_JaffaCakes118
Size: 1.9MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Winlogon Helper DLL, T1547.004 (1)
Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Winlogon Helper DLL, T1547.004 (1)
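The extracted config and the Run-key / Winlogon signatures above give enough to hunt for this sample on other hosts. The following Python script is an added example written for this report; it is not code from the sandbox, from the analyst who submitted the sample, or from the malware. It parses a registry export, flags the `MicroUpdate` Run value and any non-default Winlogon helper (the Userinit/Shell hijack the signatures report), matches the C2 hostname in DNS logs, and confirms a file's SHA256 against the report. The registry export and DNS log lines are constructed for the example; placing the install directory under the user's Documents folder is an assumption (DarkComet's default), since the config gives only the relative path `MSDCSC\msdcsc.exe`.

```python
r"""Hunt for the DarkComet indicators reported above (added example, not report code).

The registry export and DNS log below are constructed to resemble real host
output. The Documents\MSDCSC install directory is an assumption: the extracted
config gives only the relative InstallPath MSDCSC\msdcsc.exe.
"""
import hashlib
import re

# Indicators copied from the extracted config and signatures in the report.
C2_HOST = "tast.no-ip.biz"
C2_PORT = 82
MUTEX = "DC_MUTEX-98S0K24"                 # only checkable on a live host, not in an export
RUN_VALUE_NAME = "MicroUpdate"             # reg_key attribute
INSTALL_PATH_TAIL = r"MSDCSC\msdcsc.exe"   # InstallPath attribute (relative)
SAMPLE_SHA256 = "f997497b76f240159e28d44b943a40e0ea27b6c4d7b2cdb6dc769d65bbb92544"

RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values; anything else listed in Userinit or Shell is a helper worth reviewing.
WINLOGON_DEFAULTS = {"Userinit": r"C:\Windows\system32\userinit.exe", "Shell": "explorer.exe"}


def parse_reg_export(text):
    """Parse a .reg export into {key: {value_name: data}}, string values only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            # .reg files double every backslash inside quoted string data.
            keys[current][name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys


def find_persistence(reg):
    """Return (kind, key, value_name, data) tuples for Run-key and Winlogon persistence."""
    hits = []
    for key in RUN_KEYS:
        for name, data in reg.get(key, {}).items():
            if name == RUN_VALUE_NAME or data.lower().endswith(INSTALL_PATH_TAIL.lower()):
                hits.append(("run_key", key, name, data))
    winlogon = reg.get(WINLOGON_KEY, {})
    for name, default in WINLOGON_DEFAULTS.items():
        data = winlogon.get(name)
        if data is None:
            continue
        # Userinit is a comma-separated list; a second entry is the injected helper.
        entries = [e.strip() for e in data.split(",") if e.strip()]
        if any(e.lower() != default.lower() for e in entries):
            hits.append(("winlogon", WINLOGON_KEY, name, data))
    return hits


def find_c2_lookups(dns_log):
    """Return DNS log lines that query the reported C2 hostname (exact label match)."""
    pat = re.compile(r"\b" + re.escape(C2_HOST) + r"\b", re.IGNORECASE)
    return [line for line in dns_log.splitlines() if pat.search(line)]


def sha256_matches(data: bytes) -> bool:
    """True if the bytes are the sample this report describes."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed registry export: one benign Run value, the DarkComet Run value,
# and a Userinit hijack pointing at the same dropped binary.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MicroUpdate"="C:\\Users\\alice\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\alice\\Documents\\MSDCSC\\msdcsc.exe,"
'''

# Constructed DNS log: one benign query, the C2 query, one benign no-ip lookalike.
DNS_LOG = "\n".join([
    "2024-06-26T10:02:11Z client=10.0.0.12 query=update.microsoft.com type=A",
    "2024-06-26T10:02:13Z client=10.0.0.12 query=tast.no-ip.biz type=A",
    "2024-06-26T10:02:14Z client=10.0.0.12 query=www.no-ip.com type=A",
])

if __name__ == "__main__":
    for hit in find_persistence(parse_reg_export(REG_EXPORT)):
        print("persistence:", *hit)
    for line in find_c2_lookups(DNS_LOG):
        print("c2 lookup:", line)
```

Hunt on the hostname rather than on whatever it resolves to today: `no-ip.biz` is a dynamic DNS domain, so the C2 IP is expected to change. The Winlogon check compares against the stock `Userinit` and `Shell` values, so it will also surface legitimate non-default helpers; treat those as review items, not verdicts.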