General
Target: 68b36abd59d57c05917c304efebc919c_JaffaCakes118
Size: 1.2MB
Sample: 240723-ynmpjavcnk
MD5: 68b36abd59d57c05917c304efebc919c
SHA1: b4543ed6389d2919fb090102de8156612d184731
SHA256: 6d3ee4c6084fcea2bfde1cf6e1849852d31915ac3d9e628981901f98ced46e79
SHA512: e15d38c912d351ba19a6388878a0cc8361bef68ff1f923edcf437448063fa4d98537434d04b7ccb3dca8a8294864fa6dfd260fb0ad22033a24597e48fbad043d
SSDEEP: 24576:6vM71CgBp1xGRECkOj3crqxHrwm+Fw5z4kwlA/+IJJPYnjcpS0:V71lX1frer+OsVscZ
Behavioral task: behavioral1
Sample: 68b36abd59d57c05917c304efebc919c_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config (extracted)
Family: darkcomet
Campaign ID: Guest16
C2: brhom.no-ip.org:1604
Mutex: DC_MUTEX-4SS8BBW
InstallPath: MSDCSC\msdcsc.exe
gencode: 5kyaXHSs4kx8
install: true
offline_keylogger: true
password: 0566699323
persistence: false
reg_key: MicroUpdate
Targets
Target: 68b36abd59d57c05917c304efebc919c_JaffaCakes118
Size: 1.2MB
Signatures:
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Identifies Wine through registry keys (Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)