General
- Target: 6e60134d0fe3e65aa45deb9c3e84b1a4_JaffaCakes118
- Size: 236KB
- Sample: 240725-glwe8asbpk
- MD5: 6e60134d0fe3e65aa45deb9c3e84b1a4
- SHA1: 0f221294e3937bcc25691f5d707889d8c5f11eee
- SHA256: df0cad739821bec80626a98c9bc52d501ceda97649bb1f8decff2bd97f41f68a
- SHA512: aa68c008beb86baa0894dda845e966c83598fff08f41ae7d37e6f2d681178e919975e520e6fce649362afe75cf55eff14a1b8a6d645bc440a3251fdd6611f7c0
- SSDEEP: 6144:gmDUj24gqU85IzrFA9NfmDuLpNr5NhWudrWDh:gqUj2LkizrzDujVNhWucD
Static task: static1
Behavioral task: behavioral1
- Sample: 6e60134d0fe3e65aa45deb9c3e84b1a4_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: mkidech.zapto.org:1604
- Mutex: DC_MUTEX-NB20Q2J
- InstallPath: MSDCSC\msdcsc.exe
- gencode: STjsNl3PnbGg
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 6e60134d0fe3e65aa45deb9c3e84b1a4_JaffaCakes118 (size and hashes as listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)