General
-
Target
5cf5242f8775a75755c0e18ed2f77d17_JaffaCakes118
-
Size
432KB
-
Sample
240719-v52m8swble
-
MD5
5cf5242f8775a75755c0e18ed2f77d17
-
SHA1
8d1eddf0848129228a0b848e369d38909ad4ffb4
-
SHA256
d2cf074f9729ce229a6e8b1e8fd580a5cfa0777374ef720bd41553d474755fa2
-
SHA512
1513aa17c8548557c39d4774456ce3d22c01bb9dc500536649f5b3103507c0608f81080b8a676e131a7502f3d900d900b699867e33a6ba3760bc2f7c9370e864
-
SSDEEP
12288:LBVo44m96iqVt2oVo06jRhUeoyEb58sP6PqXGZx7Fb:dKxm9UMNth5k5rC4GX7Fb
Static task
static1
Behavioral task
behavioral1
Sample
5cf5242f8775a75755c0e18ed2f77d17_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
snak.no-ip.biz:1604
DC_MUTEX-2T0X0X7
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ddCXSocGi8Uy
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
-
Target
5cf5242f8775a75755c0e18ed2f77d17_JaffaCakes118
-
Size
432KB
-
MD5
5cf5242f8775a75755c0e18ed2f77d17
-
SHA1
8d1eddf0848129228a0b848e369d38909ad4ffb4
-
SHA256
d2cf074f9729ce229a6e8b1e8fd580a5cfa0777374ef720bd41553d474755fa2
-
SHA512
1513aa17c8548557c39d4774456ce3d22c01bb9dc500536649f5b3103507c0608f81080b8a676e131a7502f3d900d900b699867e33a6ba3760bc2f7c9370e864
-
SSDEEP
12288:LBVo44m96iqVt2oVo06jRhUeoyEb58sP6PqXGZx7Fb:dKxm9UMNth5k5rC4GX7Fb
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-