General
-
Target
6bf9df53209b7171408453653d4cfd27_JaffaCakes118
-
Size
1.4MB
-
Sample
240724-syxplawema
-
MD5
6bf9df53209b7171408453653d4cfd27
-
SHA1
f20d13ac603eacb852d36fb1ac49445899cec4e9
-
SHA256
35b82a0cb0183b65bac3c2b2ae4f4252bfce73b2eae8a8459aadb77e57ed2789
-
SHA512
eda047a9f8a7b21390f65acf91c96b1c91e03dab49143181afff0dad2eb13dd9aeef69691f8cffcf163303dcd0913cff72d802761149d45ea8087d734505f3aa
-
SSDEEP
24576:XJ9NBbNrxMKT54cKZdcuPkNCTcK4oDU86fO:XJikyNTmMOO
Behavioral task
behavioral1
Sample
6bf9df53209b7171408453653d4cfd27_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
love88.no-ip.biz:1604
DC_MUTEX-52SB0ER
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
vBKlvr7htqZr
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
6bf9df53209b7171408453653d4cfd27_JaffaCakes118
-
Size
1.4MB
-
MD5
6bf9df53209b7171408453653d4cfd27
-
SHA1
f20d13ac603eacb852d36fb1ac49445899cec4e9
-
SHA256
35b82a0cb0183b65bac3c2b2ae4f4252bfce73b2eae8a8459aadb77e57ed2789
-
SHA512
eda047a9f8a7b21390f65acf91c96b1c91e03dab49143181afff0dad2eb13dd9aeef69691f8cffcf163303dcd0913cff72d802761149d45ea8087d734505f3aa
-
SSDEEP
24576:XJ9NBbNrxMKT54cKZdcuPkNCTcK4oDU86fO:XJikyNTmMOO
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1