General
Target: 66c611ccb034c6196e36e14777a29fdc_JaffaCakes118
Size: 769KB
Sample: 240723-jz6jfswgpm
MD5: 66c611ccb034c6196e36e14777a29fdc
SHA1: 70a2f653b7db1f647be70d881bd7558e2a379db2
SHA256: 70f06b238e9af04e21e134b45fa1863ca66bb63ebcbe6e8731e19924c7d25769
SHA512: 1edac0600cc0a15e5ce5b99cd81315fde6e9218fe6e75bb44ad8bf939dd6c55316aacce8cba504eb4a82c0a2ba061650782166d0e1a6d37138941acaceb2c07a
SSDEEP: 24576:b7n4es6xhnMIIZDUFCEm6X046Udv2s9toMWuBaZPhJx3aWS:bLhPxhnOIFm6X046kOs97Wu6PxY
Static task: static1
Behavioral task: behavioral1
Sample: 66c611ccb034c6196e36e14777a29fdc_JaffaCakes118.exe
Resource: win7-20240704-en (Windows 7 analysis image)
Malware Config
Extracted family: darkcomet
Botnet ID: Chat
C2: bahaarat.no-ip.biz:4153 (a dynamic-DNS hostname, so pivot and block on the name rather than on whatever address it resolved to at analysis time)
Mutex: DC_MUTEX-QXER7N1
InstallPath: MSDCSC\msdcsc.exe (relative path of the dropped copy; this is the DarkComet builder default)
gencode: MgzAAxxQMpSC
install: true
offline_keylogger: true (keystrokes are logged to disk even while the C2 is unreachable)
password: 123lol123 (the secret from which the RC4 key for C2 traffic is derived)
persistence: true
reg_key: Windows Update (value name of the autostart entry; see the signatures below)
Targets
Target: 66c611ccb034c6196e36e14777a29fdc_JaffaCakes118 (the same file as in General; size and hashes identical)
Signatures
- Modifies WinLogon for persistence: a Winlogon registry value is changed so the dropped executable is launched at logon (Winlogon Helper DLL, T1547.004).
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: an autostart value is written under a CurrentVersion\Run key; the config's reg_key "Windows Update" is the expected value name (Registry Run Keys / Startup Folder, T1547.001).
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
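The extracted config and the persistence signatures above give enough to hunt for this sample on other hosts. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it takes the C2, mutex, InstallPath and reg_key values from the config and matches them against a constructed, simplified event feed (key=value lines standing in for registry-set, network-connect and mutex events; not a real Sysmon export, and the host paths in it are made up). The Winlogon value names it matches (Userinit, Shell) are an assumption, since the report only says that Winlogon is modified.

```python
"""Hunt for the DarkComet indicators from the extracted config.

Added example, not part of the sandbox report. The event format is a
constructed 'key=value|key=value' line, not a real Sysmon export.
"""
import re
from dataclasses import dataclass

# Indicators copied from the Malware Config section of the report.
C2_HOST = "bahaarat.no-ip.biz"
C2_PORT = 4153
MUTEX = "DC_MUTEX-QXER7N1"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"   # InstallPath; the parent directory varies per host
RUN_VALUE_NAME = "Windows Update"      # reg_key

# Registry locations behind the two persistence signatures in the report.
# The report does not say which Winlogon value is edited; Userinit and Shell
# are the values the Winlogon Helper technique abuses, so both are matched
# (assumption).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK ID from the report's mapping, or "C2" / "mutex"
    evidence: str    # the event field that matched


def parse_event(line):
    """Split one constructed event line into a dict of its fields."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)


def hunt(lines):
    """Return a Finding for every event that matches an indicator."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "reg_set":
            target = ev.get("target", "")
            data = ev.get("details", "").lower()
            value_name = target.rsplit("\\", 1)[-1]
            # Run key: the value name must be the config's reg_key and the
            # data must point at the dropped InstallPath.
            if (RUN_KEY_RE.search(target)
                    and value_name.lower() == RUN_VALUE_NAME.lower()
                    and INSTALL_PATH.lower() in data):
                findings.append(Finding("T1547.001", target))
            # Winlogon helper: the dropped path appended to Userinit/Shell.
            elif WINLOGON_RE.search(target) and INSTALL_PATH.lower() in data:
                findings.append(Finding("T1547.004", target))
        elif kind == "net_connect":
            if (ev.get("dst_host", "").lower() == C2_HOST
                    and ev.get("dst_port") == str(C2_PORT)):
                findings.append(Finding("C2", f"{C2_HOST}:{C2_PORT}"))
        elif kind == "mutex" and ev.get("name") == MUTEX:
            findings.append(Finding("mutex", MUTEX))
    return findings


# Constructed events: one true positive per persistence technique, the C2
# connection, the mutex, and two benign lines that must not match.
SAMPLE_EVENTS = [
    r"type=reg_set|target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update"
    r"|details=C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    r"type=reg_set|target=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
    r"|details=C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    r"type=reg_set|target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"
    r"|details=C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "type=net_connect|dst_host=bahaarat.no-ip.biz|dst_port=4153",
    "type=mutex|name=DC_MUTEX-QXER7N1",
    "type=net_connect|dst_host=update.microsoft.com|dst_port=443",
]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding.technique, finding.evidence)
```

Matching on the Run value name plus the InstallPath tail, rather than on either alone, keeps a benign "Windows Update" entry or an unrelated MSDCSC directory from firing; to hunt for other DarkComet builds, swap in their own config values and leave the registry patterns as they are.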