General
-
Target
5caae1ac6f6d9f58b17a51fc7808e3e1_JaffaCakes118
-
Size
783KB
-
Sample
240719-tmvljasgkd
-
MD5
5caae1ac6f6d9f58b17a51fc7808e3e1
-
SHA1
40b2ebe3c36a26ee2ef1abb2b2f59837451ff577
-
SHA256
07a3b70386d9d81fff3856e5fe764d24bc347570ccf6330e51062dd1d29e3ee6
-
SHA512
d8e2f602e49208990bdeeb3d58365bc0ee5172e2666c2676f874b24282e12620c095abd4574801490cc2815af2606d81e4ca95147c80a5cb1b4b8b43d9f8ebf1
-
SSDEEP
24576:En/Ooh2u7PqrF65zMTohFxOxEgquWx2R+5l2Bzb:sBB7qGMiFMdquFzzb
Static task
static1
Behavioral task
behavioral1
Sample
5caae1ac6f6d9f58b17a51fc7808e3e1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5caae1ac6f6d9f58b17a51fc7808e3e1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
Guest16
activate.strangled.net:100
DC_MUTEX-ZJ3D950
-
InstallPath
MSDCSC\activate_now.exe
-
gencode
vdEZLjDj5hlD
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Activate Now
Targets
-
-
Target
5caae1ac6f6d9f58b17a51fc7808e3e1_JaffaCakes118
-
Size
783KB
-
MD5
5caae1ac6f6d9f58b17a51fc7808e3e1
-
SHA1
40b2ebe3c36a26ee2ef1abb2b2f59837451ff577
-
SHA256
07a3b70386d9d81fff3856e5fe764d24bc347570ccf6330e51062dd1d29e3ee6
-
SHA512
d8e2f602e49208990bdeeb3d58365bc0ee5172e2666c2676f874b24282e12620c095abd4574801490cc2815af2606d81e4ca95147c80a5cb1b4b8b43d9f8ebf1
-
SSDEEP
24576:En/Ooh2u7PqrF65zMTohFxOxEgquWx2R+5l2Bzb:sBB7qGMiFMdquFzzb
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-