General
-
Target
60f90587a0fefe3c73b1ed43a91ea9ae_JaffaCakes118
-
Size
716KB
-
Sample
240721-w9bs2ssanp
-
MD5
60f90587a0fefe3c73b1ed43a91ea9ae
-
SHA1
f0617849b8036be8e762683d1dd69e5e49965164
-
SHA256
60fa2b8949f00e9c194be4c1da24a4d7b188af1f8ebcf32cffd432a4c17d0820
-
SHA512
73f7c8e96ac275cb7dd336d5db3871757dfd2da6c3b1e4f6fa5862797ae8a7d6789c39ddd79cab0b06038042bb2054c5c135591b6a197fd2913dc2860d19e5ae
-
SSDEEP
12288:yPixQzUlORtk7w7nZDWtA+KGzurODpWh/xitnAmneaYu+LXMEJHCqZTaUuIMO4Dg:gii4bw7nsvyq4/xithWhX1JQTIODRI/
Static task
static1
Behavioral task
behavioral1
Sample
60f90587a0fefe3c73b1ed43a91ea9ae_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
60f90587a0fefe3c73b1ed43a91ea9ae_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
TiGeRMaNiA
fataka.no-ip.biz:82
DC_MUTEX-WUS3N6Q
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
k7JgDHZDMKm8
-
install
true
-
offline_keylogger
true
-
password
fataka
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
60f90587a0fefe3c73b1ed43a91ea9ae_JaffaCakes118
-
Size
716KB
-
MD5
60f90587a0fefe3c73b1ed43a91ea9ae
-
SHA1
f0617849b8036be8e762683d1dd69e5e49965164
-
SHA256
60fa2b8949f00e9c194be4c1da24a4d7b188af1f8ebcf32cffd432a4c17d0820
-
SHA512
73f7c8e96ac275cb7dd336d5db3871757dfd2da6c3b1e4f6fa5862797ae8a7d6789c39ddd79cab0b06038042bb2054c5c135591b6a197fd2913dc2860d19e5ae
-
SSDEEP
12288:yPixQzUlORtk7w7nZDWtA+KGzurODpWh/xitnAmneaYu+LXMEJHCqZTaUuIMO4Dg:gii4bw7nsvyq4/xithWhX1JQTIODRI/
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-