General
Target: 674c0c5a615ed9384844e3730ed39921_JaffaCakes118
Size: 1.1MB
Sample: 240723-m1rngasbqc
MD5: 674c0c5a615ed9384844e3730ed39921
SHA1: 808c0d04e26cdb28968c5bda103493eaaac2ec48
SHA256: be7cf05cf4264c79963ec78e04ec11c92ec4073c4b2018cffdefa4716e3ad83d
SHA512: ab22c60011983f9f5593c4f941878f8327ff52d2d247ebb51e3d6e9605b10166e12db5a32e170256b64fc91dd5fb9c0197119f69c44f765af8198caef1741e07
SSDEEP: 3072:RADjIn/CvGTvcYucSId/HzksRDu5ngajRM85ofXlEskQ8HOJNeaTW5w7wPtFCF8J:o3ExtaYVg

Static task
static1

Behavioral task
behavioral1
Sample: 674c0c5a615ed9384844e3730ed39921_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
Family: darkcomet
Botnet: LOVEr
C2: ab11.no-ip.biz:1604
Mutex: DC_MUTEX-FBY5VNK
InstallPath: MSDCSC\msdcsc.exe
gencode: ELB2iocSE9zc
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 674c0c5a615ed9384844e3730ed39921_JaffaCakes118
Size: 1.1MB
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext