General
- Target: 73c98ffcdfaa60ff5d8cf6dabda7d0ab_JaffaCakes118
- Size: 678KB
- Sample: 240726-m7treatgpq
- MD5: 73c98ffcdfaa60ff5d8cf6dabda7d0ab
- SHA1: 046910bb88a9360ce24269768c9a46143697c103
- SHA256: f9405a6c0b639fe55234089fa4266e53d85dedcb4111b692d832ae2f76643f0d
- SHA512: 826bafe8b7d365c91c7f9ddf56bdc432ec4035bb90602b71e0248ddb2fb1ada773ddefbf7c1bd2e6fe22feeac0e15c9fb6e6aa3d153bdf05494a1c8230644a6a
- SSDEEP: 12288:7GS0C81G0DCneK63t+ZDCrv9MVX0XNsrgpqfdhexnV1Ua9+8GPh4e+X+ETfA:7D0DSeK6GIliIsrgcOV1Ua5GZLMTfA
Static task: static1
Behavioral task: behavioral1
- Sample: 73c98ffcdfaa60ff5d8cf6dabda7d0ab_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted: darkcomet
- Botnet: Guest16
- C2: masss.no-ip.biz:1604
- Mutex: DC_MUTEX-KPFPAPT
Attributes
- InstallPath: MSDCSC\msdcsc.exe
- gencode: f56klvnL1Z1j
- install: true
- offline_keylogger: true
- password: 12345
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 73c98ffcdfaa60ff5d8cf6dabda7d0ab_JaffaCakes118
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)