General
- Target: 6a2bef4da76762725022fb0b4edf0102_JaffaCakes118
- Size: 1.3MB
- Sample: 240724-emg8wazgna
- MD5: 6a2bef4da76762725022fb0b4edf0102
- SHA1: 0ebc3d054c8f4a50acf65a9b0278a5b0921b7cba
- SHA256: c78b78846da7513873635054351863bbf4d1b68899c6d853d3dbd9e6c1a6a0de
- SHA512: 15717cc92996d66c287a74899fe3de6aa2420966268313e7d508c75cd30d58be9d142df56928dc70247e284cae1a8f8d28bce4988943a3c4d2f3e1d16de4ae72
- SSDEEP: 24576:dnvmnihQEGLKxRowYnLDxiifL4t4NWCCizZqJE90yK/cRgOnmq9g6Tj61UJE:dnenm3DAnoifL4yXRQEocOU7m6TUUJE
Static task: static1
Behavioral task: behavioral1
- Sample: 6a2bef4da76762725022fb0b4edf0102_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted family: darkcomet
- Botnet: Guest16
- C2: 127.0.0.1:1604
- Mutex: DC_MUTEX-XQA4EKL
- InstallPath: MSDCSC\msdcsc.exe
- gencode: bR7yqUnegNVn
- install: true
- offline_keylogger: true
- password: moumene
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 6a2bef4da76762725022fb0b4edf0102_JaffaCakes118
- Size: 1.3MB
- MD5: 6a2bef4da76762725022fb0b4edf0102
- SHA1: 0ebc3d054c8f4a50acf65a9b0278a5b0921b7cba
- SHA256: c78b78846da7513873635054351863bbf4d1b68899c6d853d3dbd9e6c1a6a0de
- SHA512: 15717cc92996d66c287a74899fe3de6aa2420966268313e7d508c75cd30d58be9d142df56928dc70247e284cae1a8f8d28bce4988943a3c4d2f3e1d16de4ae72
- SSDEEP: 24576:dnvmnihQEGLKxRowYnLDxiifL4t4NWCCizZqJE90yK/cRgOnmq9g6Tj61UJE:dnenm3DAnoifL4yXRQEocOU7m6TUUJE
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Identifies Wine through registry keys (Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1