General

Target: 67876b99631bf849caa724872a7efb67_JaffaCakes118
Size: 252KB
Sample: 240723-n93b1aydqr
MD5: 67876b99631bf849caa724872a7efb67
SHA1: dd2a1e14c73c6e6f1fbb8a4c316a83796153a80b
SHA256: c302c3723e7b3e47d05e095806ff85a520e4c3ca070e3c1217d3180c60ec5982
SHA512: a14c34412aeb2abde6deb660101fab36b34104dde9dedb49f8dfacc0a3bec8339316b7f75a999b228fe4330f82fbe35504662aa1e860a01eb8785c5711c79bea
SSDEEP: 6144:tMI/jlS4kCwHL76nz9Q3uR5LTYYBIsHIPA:tMQlS9Cwr79uLLTvBIYp
Behavioral task

behavioral1
Sample: 67876b99631bf849caa724872a7efb67_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config

Extracted: darkcomet
Victim (C2): myhobbies.no-ip.biz:1604
Mutex: DC_MUTEX-ZJMB1EV
InstallPath: dwm.exe
gencode: uj68s4bjaE8M
install: true
offline_keylogger: true
persistence: true
reg_key: Desktop Window Manager
Targets

Target: 67876b99631bf849caa724872a7efb67_JaffaCakes118 (252KB; hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)