General
- Target: 6884ee9f2e9979aaff7e8064fbe5cdf2_JaffaCakes118
- Size: 1.3MB
- Sample: 240723-vzp29atepd
- MD5: 6884ee9f2e9979aaff7e8064fbe5cdf2
- SHA1: e2c726844e50784db2c1d106daf3b47a71707218
- SHA256: 97322bc3dfe63e1fa354c10f23426afb6638ec9e555e9c6d804ff27239bc5b1d
- SHA512: 9c5fb247c38157232a6704c47afa78e7fee9112218e0f4be90f3bfd0a6d4bb3df7b69e89ab75c1391d2eb0a1e5875fc16193f3bc44c4885b6ee1fdbd5d8b6cb5
- SSDEEP: 24576:3j7cak+HYchIgIN9tQMRAe7oZw00OAyvqlEQ4Siw2vjR3ixUl1aM7:3jYQIjfQuAe7oZw00idQorvlSxUym
Behavioral task: behavioral1
- Sample: 6884ee9f2e9979aaff7e8064fbe5cdf2_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted: darkcomet
- Guest16
- katrena1986.no-ip.biz:88
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Ebe2ZYnwjeiU
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 6884ee9f2e9979aaff7e8064fbe5cdf2_JaffaCakes118
- Size: 1.3MB
- MD5: 6884ee9f2e9979aaff7e8064fbe5cdf2
- SHA1: e2c726844e50784db2c1d106daf3b47a71707218
- SHA256: 97322bc3dfe63e1fa354c10f23426afb6638ec9e555e9c6d804ff27239bc5b1d
- SHA512: 9c5fb247c38157232a6704c47afa78e7fee9112218e0f4be90f3bfd0a6d4bb3df7b69e89ab75c1391d2eb0a1e5875fc16193f3bc44c4885b6ee1fdbd5d8b6cb5
- SSDEEP: 24576:3j7cak+HYchIgIN9tQMRAe7oZw00OAyvqlEQ4Siw2vjR3ixUl1aM7:3jYQIjfQuAe7oZw00idQorvlSxUym

Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (6)