General

Target: 6188391cd463ef04f369c7a351948b40_JaffaCakes118
Size: 694KB
Sample: 240721-1pbprswenb
MD5: 6188391cd463ef04f369c7a351948b40
SHA1: 4df00328d166925e05881b8902a49ec5cd0fc6fe
SHA256: 11cce176d94e186eec591670f617ee7585425a62d3aca432a85f38164e4926e7
SHA512: 02768b3d0c13b18205d51da8132495fc5fb7d7bf5b93b8788ba62adfceaf9f57a72f30ec468dad9ec723987f57ffb9d097589e419ad232c6d82a618919cac426
SSDEEP: 12288:TY9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hS:TMZ1xuVVjfFoynPaVBUR8f+kN10EBs
Behavioral task: behavioral1
Sample: 6188391cd463ef04f369c7a351948b40_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 6188391cd463ef04f369c7a351948b40_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted
Family: darkcomet
Slave
C2: poltair.no-ip.org:300
Mutex: DC_MUTEX-K0CLLBR
InstallPath: MSDCSC\msdcsc.exe
gencode: L63nhUT1c5rp
install: true
offline_keylogger: true
password: 123
persistence: false
reg_key: MicroUpdate
Targets

Target: 6188391cd463ef04f369c7a351948b40_JaffaCakes118
Size: 694KB
Score: 10/10

- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application