General
  Target:  761b2ea3d2f05a0b94de32442ff9cd05_JaffaCakes118
  Size:    661KB
  Sample:  240726-21w1hstdnh
  MD5:     761b2ea3d2f05a0b94de32442ff9cd05
  SHA1:    a03f6454f45d207fb5821f68d4d19e76391876c0
  SHA256:  3bb11a7d30a3e352b6a1919cdae64b58b8ed6581b5c3dc076a3f563ee88c4d86
  SHA512:  3208510fef115b1abaf9eec90c5540a50d239583fb6fce0e6297950deb44936c653d273677ac9e50193a26199ae297162bf5aab3ce1f1bb67eca5b366994b70b
  SSDEEP:  12288:IXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452U3:unAw2WWeFcfbP9VPSPMTSPL/rWvzq4JH
Behavioral task: behavioral1
  Sample:    761b2ea3d2f05a0b94de32442ff9cd05_JaffaCakes118.exe
  Resource:  win7-20240708-en
Malware Config
  Extracted: darkcomet
    Guest16
    jojojijijojo.no-ip.org:7050
    DC_MUTEX-VJCE7NK
  InstallPath:       MSDCSC\msdcsc.exe
  gencode:           Qm8S8Vk13fvr
  install:           true
  offline_keylogger: false
  password:          mutexvisa
  persistence:       true
  reg_key:           MicroUpdate
Targets
  Target:  761b2ea3d2f05a0b94de32442ff9cd05_JaffaCakes118
  Size:    661KB
  MD5:     761b2ea3d2f05a0b94de32442ff9cd05
  SHA1:    a03f6454f45d207fb5821f68d4d19e76391876c0
  SHA256:  3bb11a7d30a3e352b6a1919cdae64b58b8ed6581b5c3dc076a3f563ee88c4d86
  SHA512:  3208510fef115b1abaf9eec90c5540a50d239583fb6fce0e6297950deb44936c653d273677ac9e50193a26199ae297162bf5aab3ce1f1bb67eca5b366994b70b
  SSDEEP:  12288:IXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452U3:unAw2WWeFcfbP9VPSPMTSPL/rWvzq4JH

  Signatures
  - Modifies WinLogon for persistence
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)