General
- Target: 71724dd56b95cfd21320f590f574443e_JaffaCakes118
- Size: 402KB
- Sample: 240725-151c3ayaqj
- MD5: 71724dd56b95cfd21320f590f574443e
- SHA1: e1c8dd908425fcf802bc33675d3c48f894a7b238
- SHA256: 01266e3f2e2c18d219ad878dcccf2717e5b8205d62d2a1afe231d76bd216c9f1
- SHA512: 8793e1dbdd87d79cdf19841caf3f1818f4b8d57a6a009afee233231a95970a40991e287d643aff368830f447fd80e3f6d4ed5f3a145bb6931642f077e1221921
- SSDEEP: 12288:rhxoMVJyfJNiN3N1x080oUJjZmcUjupNiP:rrdJyRNiN350r4IiP
Behavioral task
- behavioral1
- Sample: 71724dd56b95cfd21320f590f574443e_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
Extracted
- Family: darkcomet
- Campaign/ID: Guest16
- C2: 127.0.0.1:1604
- Mutex: DC_MUTEX-YV9537W
- InstallPath: MSDCSC\msdcsc.exe
- gencode: vtZamnSTfx5d
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 71724dd56b95cfd21320f590f574443e_JaffaCakes118
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)