General
Target: 65614334883de1aa7f16acfb7f1597fb_JaffaCakes118
Size: 412KB
Sample: 240723-ahdbxaxarm
MD5: 65614334883de1aa7f16acfb7f1597fb
SHA1: 9d9eaa944d83a8dfbebfd3c9643312a7e9bcf6a3
SHA256: 83e2603fc77943b8d9475d8b70d328222f590830e813d52e0061fe88139dae2e
SHA512: 5b08bf8ee060240490d21b73105cf7f57c8a8fdc7b97eaf6789083f5176baf1825e4f1cc3186807895cc0cfe7bc83edf50f46f7042be1ffa8b087bc4dbd16802
SSDEEP: 6144:6hCLvvpHBgBM7BkqkdO2ZHE+6V5/BA+Mr6sXXXDXXXr7B:6gVHB77aq0ZLYpA+0
Static task: static1
Behavioral task: behavioral1
Sample: 65614334883de1aa7f16acfb7f1597fb_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2: 127.0.0.1:1604
C2: 217.66.227.219:1604
Mutex: DC_MUTEX-QYGXHCW
InstallPath: MSDCSC\msdcoc.exe
gencode: ddYin0vduQaq
install: true
offline_keylogger: true
persistence: false
reg_key: Microopdate
Note: 127.0.0.1:1604 is the loopback address (the DarkComet builder's default entry) and is not a network indicator; the only routable C2 in this config is 217.66.227.219:1604. Port 1604 is DarkComet's default listener port. InstallPath is relative; the config does not record the root directory the implant installs under.
Targets
Target: 65614334883de1aa7f16acfb7f1597fb_JaffaCakes118 (412KB; hashes as listed under General)
Signatures (behavioral1)
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext (the usual primitive for thread hijacking and process hollowing)
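The extracted configuration and the Run-key/dropped-EXE signatures above give a handful of host and network indicators that can be hunted for directly. The following script is an added example, not part of the sandbox report or of any tool it uses: it turns the DarkComet config fields into hunt indicators (dropping the loopback C2 entry, since 127.0.0.1 is never a network IoC) and matches them against a few constructed Sysmon-style telemetry events. The event dictionaries, their field names and the install root `C:\Users\alice\Documents` are assumptions for illustration; because the config only gives a relative InstallPath, the matcher keys on the last directory component and the file name rather than a full path.

```python
import ipaddress
import ntpath
import re

# Values copied from the extracted DarkComet configuration in the report.
DARKCOMET_CONFIG = {
    "campaign": "Guest16",
    "c2": ["127.0.0.1:1604", "217.66.227.219:1604"],
    "mutex": "DC_MUTEX-QYGXHCW",
    "install_path": r"MSDCSC\msdcoc.exe",
    "reg_key": "Microopdate",
    "install": True,
    "offline_keylogger": True,
    "persistence": False,
}


def routable_c2(endpoints):
    """Return (host, port) pairs, dropping loopback/private/reserved addresses.

    127.0.0.1 is the DarkComet builder default and must not be treated as an IoC.
    Hostnames (non-IP) are kept as-is since they cannot be scoped here."""
    out = []
    for ep in endpoints:
        host, _, port = ep.rpartition(":")
        try:
            if not ipaddress.ip_address(host).is_global:
                continue
        except ValueError:
            pass  # not an IP literal: keep it
        out.append((host, int(port)))
    return out


def build_indicators(cfg):
    """Derive hunt indicators from the config; path handling uses ntpath so it
    works on non-Windows analysis hosts."""
    return {
        "mutex": cfg["mutex"],
        "run_value": cfg["reg_key"],                          # Run key value name
        "install_file": ntpath.basename(cfg["install_path"]),  # "msdcoc.exe"
        "install_dir": ntpath.dirname(cfg["install_path"]),    # "MSDCSC"
        "c2": routable_c2(cfg["c2"]),
    }


# Matches the value name under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\([^\\]+)$", re.IGNORECASE)


def match_event(ev, ind):
    """Return the list of indicator names this event hits (empty means no hit)."""
    hits = []
    kind = ev.get("event")
    if kind == "RegistryValueSet":
        m = RUN_KEY_RE.search(ev.get("target", ""))
        if m and m.group(2).lower() == ind["run_value"].lower():
            hits.append("run_value")
        if ind["install_file"].lower() in ev.get("details", "").lower():
            hits.append("install_file")
    elif kind == "NetworkConnect":
        if (ev.get("dst_ip"), ev.get("dst_port")) in ind["c2"]:
            hits.append("c2")
    elif kind == "CreateMutex":
        if ev.get("name") == ind["mutex"]:
            hits.append("mutex")
    elif kind == "ProcessCreate":
        img = ev.get("image", "")
        same_file = ntpath.basename(img).lower() == ind["install_file"].lower()
        same_dir = ntpath.basename(ntpath.dirname(img)).lower() == ind["install_dir"].lower()
        if same_file and same_dir:
            hits.append("install_path")
    return hits


def scan(events, ind):
    """Return [(event_index, [hits...])] for every event that hits at least one indicator."""
    results = []
    for i, ev in enumerate(events):
        h = match_event(ev, ind)
        if h:
            results.append((i, h))
    return results


# Constructed Sysmon-like telemetry (assumed field names), mixing true hits with benign noise.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "image": r"C:\Users\alice\Documents\MSDCSC\msdcoc.exe"},
    {"event": "CreateMutex", "name": "DC_MUTEX-QYGXHCW"},
    {"event": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microopdate",
     "details": r"C:\Users\alice\Documents\MSDCSC\msdcoc.exe"},
    {"event": "NetworkConnect", "dst_ip": "127.0.0.1", "dst_port": 1604},   # loopback: no hit
    {"event": "NetworkConnect", "dst_ip": "217.66.227.219", "dst_port": 1604},
    {"event": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    indicators = build_indicators(DARKCOMET_CONFIG)
    for idx, hit in scan(SAMPLE_EVENTS, indicators):
        print(idx, SAMPLE_EVENTS[idx]["event"], hit)
```

The loopback connection at index 3 is deliberately left unmatched: a hunt rule that alerted on 127.0.0.1:1604 would fire on any local service bound to that port. Real telemetry will carry the Run value under HKCU or HKLM depending on the privileges the dropper ran with, which is why the regex anchors on the `CurrentVersion\Run` suffix rather than a full hive path.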