General
-
Target
7352c83d0a6db4f316d7c504db817fec_JaffaCakes118
-
Size
1.2MB
-
Sample
240726-kjld1sxcjk
-
MD5
7352c83d0a6db4f316d7c504db817fec
-
SHA1
7cc6d7e00193d1fb787dd244b6d4c4c9110bdf94
-
SHA256
a4c23b8125efc78be13a590d0afa2df027a45f1a4de9872dd0da2a8dc1aac97f
-
SHA512
eeccd948abeae73d707eede02823df78f9f2d8457299e89551947640221aa83599d84e6952b1b6a2c927ab27fc3d8919748d4b696b2a53881347dc78c34ea228
-
SSDEEP
24576:19Jsza/yL2IBvGVZjs/G2t9CERzKZ2WIsuldm7dGKUK/cRgOnmq9g6iJGtCI:6z0VMG2jzHaOmJfcOU7m6iJi
Static task
static1
Behavioral task
behavioral1
Sample
7352c83d0a6db4f316d7c504db817fec_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
biggman.no-ip.biz:1604
DC_MUTEX-GK25RG0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
NKpuLtaCN4JK
-
install
true
-
offline_keylogger
true
-
password
0602239012
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
7352c83d0a6db4f316d7c504db817fec_JaffaCakes118
-
Size
1.2MB
-
MD5
7352c83d0a6db4f316d7c504db817fec
-
SHA1
7cc6d7e00193d1fb787dd244b6d4c4c9110bdf94
-
SHA256
a4c23b8125efc78be13a590d0afa2df027a45f1a4de9872dd0da2a8dc1aac97f
-
SHA512
eeccd948abeae73d707eede02823df78f9f2d8457299e89551947640221aa83599d84e6952b1b6a2c927ab27fc3d8919748d4b696b2a53881347dc78c34ea228
-
SSDEEP
24576:19Jsza/yL2IBvGVZjs/G2t9CERzKZ2WIsuldm7dGKUK/cRgOnmq9g6iJGtCI:6z0VMG2jzHaOmJfcOU7m6iJi
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1