General
- Target: 60df627f1a8ef89edac1dbcdd9d6f0a9_JaffaCakes118
- Size: 440KB
- Sample: 240721-wpkv8aybkc
- MD5: 60df627f1a8ef89edac1dbcdd9d6f0a9
- SHA1: 070afefd0674fea1306418b490263f85a433eb5b
- SHA256: 3686068bc9ce70f08596e3dcfcee603e44c4b17b6410d1956ef3b563b5178632
- SHA512: 4e2924f6bc8ff843e097a24ab2b2fe0b0526549c1b74b37c9fddeeb0585cefb0cacab93c727da6874d4a281f49847930edb84cb714552d6e5d8626bd7c7c2913
- SSDEEP: 12288:BwdluL0gMMDLt8izm1ET8ztO8maZAnsi:BjMq5y1se
Static task: static1
Behavioral task: behavioral1
- Sample: 60df627f1a8ef89edac1dbcdd9d6f0a9_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted: darkcomet
- LOVEr
- ab11.no-ip.biz:1604
- DC_MUTEX-1AVPPHV
- InstallPath: MSDCSC\msdcsc.exe
- gencode: WErGEi8JKg6U
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Modifies WinLogon for persistence
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext