General
-
Target
6cffdd65b64ffb7ee4ac830ddcd7e038_JaffaCakes118
-
Size
690KB
-
Sample
240724-17gczazgrq
-
MD5
6cffdd65b64ffb7ee4ac830ddcd7e038
-
SHA1
57a797e26eed12a555bf1edb9b5a6eea4109fc56
-
SHA256
5bcb25635791e470c9c347d69573626fdf93040dd2a52bae7947041fe54e6a7f
-
SHA512
b69be17dd5cbe67ee8144fc90c9ee0dfb93d223003d6e7de135da3e3f71019531e047270a9fc3ebcf62da3a2bf9e373ed7debea31fd458704195245e5be45584
-
SSDEEP
12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hAls:BZ1xuVVjfFoynPaVBUR8f+kN10EBZ
Behavioral task
behavioral1
Sample
6cffdd65b64ffb7ee4ac830ddcd7e038_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
ewqeqwdw.duckdns.org:81
DC_MUTEX-W4N6J00
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Y49ga9JSqw5Q
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
6cffdd65b64ffb7ee4ac830ddcd7e038_JaffaCakes118
-
Size
690KB
-
MD5
6cffdd65b64ffb7ee4ac830ddcd7e038
-
SHA1
57a797e26eed12a555bf1edb9b5a6eea4109fc56
-
SHA256
5bcb25635791e470c9c347d69573626fdf93040dd2a52bae7947041fe54e6a7f
-
SHA512
b69be17dd5cbe67ee8144fc90c9ee0dfb93d223003d6e7de135da3e3f71019531e047270a9fc3ebcf62da3a2bf9e373ed7debea31fd458704195245e5be45584
-
SSDEEP
12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hAls:BZ1xuVVjfFoynPaVBUR8f+kN10EBZ
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4