General
-
Target
6687a6fc3bbcf2f1e35c3f13204f684c_JaffaCakes118
-
Size
334KB
-
Sample
240723-hjvatasepg
-
MD5
6687a6fc3bbcf2f1e35c3f13204f684c
-
SHA1
051f9f535954e1c3a362e7e924d8abc64171e5ed
-
SHA256
bcaed589b132de24e3b17a5e5f01e67df6d6a648cad87cc0b40f00040eaf021f
-
SHA512
b8e32b3a6a52573bf8160e7d8bc5c3ea872554a786be96f3983212fb69f3585722e79dcbd2f2bb1d4b45cc9da60a8380916643eec4ce570601085861a199a08c
-
SSDEEP
6144:xMMWJH007FoGoyy3GSrsM/XII6aN2Z1sVd+SK6brDgNqpbn+UnCZdQnRa:gJH0NGoyYYB7Z10s+DgNqR+9enY
Static task
static1
Behavioral task
behavioral1
Sample
6687a6fc3bbcf2f1e35c3f13204f684c_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6687a6fc3bbcf2f1e35c3f13204f684c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
Guest16
abod12345.no-ip.info:999
DC_MUTEX-66BQSLQ
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
PMybMb4KoUjA
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-