General
-
Target
5f11e6408330e2e7d231bf43cbc7a429_JaffaCakes118
-
Size
692KB
-
Sample
240720-fc85aawhnp
-
MD5
5f11e6408330e2e7d231bf43cbc7a429
-
SHA1
2dcd0d2a7a7a9ce3a2525d264a709be9c7568cde
-
SHA256
0dcbf29380319f53fdbabe4e3aa5320d6383b42538ce0b3e513d56f315c27e7e
-
SHA512
fa85c5ce4ee5c1596b322f03c4c221d98e994c00a7f7f2bd9f2de600343bc5a397f99be74b47decdbde9240304c2c609934eb363dbbfc4cdfecf3b068de0f8bb
-
SSDEEP
12288:oZsL3lwMkQOU3O+bqgajPV/h7XDdghqA3VNUx6BevWGKwfwzBjhjNwuNfuAiz:r1oQFbqgGPpBicAlNCfJfwHx5duv
Static task
static1
Behavioral task
behavioral1
Sample
5f11e6408330e2e7d231bf43cbc7a429_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5f11e6408330e2e7d231bf43cbc7a429_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
Guest16
mondas.dnsd.info:1604
DC_MUTEX-PTCNRC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
spUbZCv7EBeL
-
install
true
-
offline_keylogger
false
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
5f11e6408330e2e7d231bf43cbc7a429_JaffaCakes118
-
Size
692KB
-
MD5
5f11e6408330e2e7d231bf43cbc7a429
-
SHA1
2dcd0d2a7a7a9ce3a2525d264a709be9c7568cde
-
SHA256
0dcbf29380319f53fdbabe4e3aa5320d6383b42538ce0b3e513d56f315c27e7e
-
SHA512
fa85c5ce4ee5c1596b322f03c4c221d98e994c00a7f7f2bd9f2de600343bc5a397f99be74b47decdbde9240304c2c609934eb363dbbfc4cdfecf3b068de0f8bb
-
SSDEEP
12288:oZsL3lwMkQOU3O+bqgajPV/h7XDdghqA3VNUx6BevWGKwfwzBjhjNwuNfuAiz:r1oQFbqgGPpBicAlNCfJfwHx5duv
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-