General
-
Target
6474330de280da2f5a5dd821117e3e43_JaffaCakes118
-
Size
306KB
-
Sample
240722-xyhynatepr
-
MD5
6474330de280da2f5a5dd821117e3e43
-
SHA1
75c46ae845cd9855b98cd43e9f99ca57bd08a752
-
SHA256
c2d4b6504f49a3dc7f1fe0f2a85c60184dda2b22dc01b2a4654d18ef30d27e89
-
SHA512
50698590fd23cae20590d36c19c4c00c28b6866dcfe80dde3a7eec16cb607d1e5f88933d7d9a46a1de1397c2a14d1bc8b338b30628119f824b33c11f3bc850c1
-
SSDEEP
6144:0D8cO856TYmhyXLd9jXal8Z4LWdsSCrwAnHlK8koEb6VXHvGTpxNZqH0ZnWQr8a3:0h5ZFIRcC8J8koi6VXP8xSHrQx
Static task
static1
Behavioral task
behavioral1
Sample
6474330de280da2f5a5dd821117e3e43_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6474330de280da2f5a5dd821117e3e43_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
Guest16
brhoom1406.no-ip.org:1604
DC_MUTEX-PJL2EH6
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
446erLAcby0j
-
install
true
-
offline_keylogger
true
-
password
0566699323
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
6474330de280da2f5a5dd821117e3e43_JaffaCakes118
-
Size
306KB
-
MD5
6474330de280da2f5a5dd821117e3e43
-
SHA1
75c46ae845cd9855b98cd43e9f99ca57bd08a752
-
SHA256
c2d4b6504f49a3dc7f1fe0f2a85c60184dda2b22dc01b2a4654d18ef30d27e89
-
SHA512
50698590fd23cae20590d36c19c4c00c28b6866dcfe80dde3a7eec16cb607d1e5f88933d7d9a46a1de1397c2a14d1bc8b338b30628119f824b33c11f3bc850c1
-
SSDEEP
6144:0D8cO856TYmhyXLd9jXal8Z4LWdsSCrwAnHlK8koEb6VXHvGTpxNZqH0ZnWQr8a3:0h5ZFIRcC8J8koi6VXP8xSHrQx
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-