General
-
Target
67851006cff67b0bf2ed41d716d656f8_JaffaCakes118
-
Size
701KB
-
Sample
240723-n743tavhrq
-
MD5
67851006cff67b0bf2ed41d716d656f8
-
SHA1
6807f3624be4a34fd66e35339d47c965fbc24749
-
SHA256
5fb5bc37f828d36358f72f86b5699dfb82add3f0f50b9eac837f813362d23046
-
SHA512
34e5785989e2a733b8a935dedaf44b37253457c43d23817ca58d917b5c3ef99a770081c37317738e502afcf6b28a9701cced3aa35117c38e1f66874d2ef50ba0
-
SSDEEP
12288:IM0GBAUfKBV4dl4yzTNu+jAGAsH1X/Vkb8rIRCTQoMnYFOKQ29jpH6n8/b6p1d:Z9vE4dZQ+TAI1XibSIRUMnd29danXv
Static task
static1
Behavioral task
behavioral1
Sample
67851006cff67b0bf2ed41d716d656f8_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:81
DC_MUTEX-9S19QMZ
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
asi5B2pzNgey
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
67851006cff67b0bf2ed41d716d656f8_JaffaCakes118
-
Size
701KB
-
MD5
67851006cff67b0bf2ed41d716d656f8
-
SHA1
6807f3624be4a34fd66e35339d47c965fbc24749
-
SHA256
5fb5bc37f828d36358f72f86b5699dfb82add3f0f50b9eac837f813362d23046
-
SHA512
34e5785989e2a733b8a935dedaf44b37253457c43d23817ca58d917b5c3ef99a770081c37317738e502afcf6b28a9701cced3aa35117c38e1f66874d2ef50ba0
-
SSDEEP
12288:IM0GBAUfKBV4dl4yzTNu+jAGAsH1X/Vkb8rIRCTQoMnYFOKQ29jpH6n8/b6p1d:Z9vE4dZQ+TAI1XibSIRUMnd29danXv
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1