General
Target: 62cf3699e81685d64d1161b2017e8a9c_JaffaCakes118
Size: 650KB
Sample: 240722-l7s97s1hla
MD5: 62cf3699e81685d64d1161b2017e8a9c
SHA1: 8c03eed965875c97c86cb0bb8ebabf3cfaf7d1b5
SHA256: e77e50695ccdf9758e1586dc2bb07d8b569f23d4284dffb748e6eb41fb6c91fc
SHA512: edfd8a3434ec3050741082fc9048e16e1103ec48844f500fda60f765ad120af441d19955759327ca7497281d944cf0b7b9542c32df3f58b59402e2f5469b99f3
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+0:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+G1
Behavioral task: behavioral1
Sample: 62cf3699e81685d64d1161b2017e8a9c_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 62cf3699e81685d64d1161b2017e8a9c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 75.166.144.239:1604
Mutex: DC_MUTEX-AU01VTD
Attributes:
- InstallPath: MSDCSC\msdcsc.exe
- gencode: UiNgKsPRGk1V
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
Target: 62cf3699e81685d64d1161b2017e8a9c_JaffaCakes118
Size: 650KB
MD5: 62cf3699e81685d64d1161b2017e8a9c
SHA1: 8c03eed965875c97c86cb0bb8ebabf3cfaf7d1b5
SHA256: e77e50695ccdf9758e1586dc2bb07d8b569f23d4284dffb748e6eb41fb6c91fc
SHA512: edfd8a3434ec3050741082fc9048e16e1103ec48844f500fda60f765ad120af441d19955759327ca7497281d944cf0b7b9542c32df3f58b59402e2f5469b99f3
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+0:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+G1
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext