General
-
Target
7459dabde9a71618f63bde5999c81138_JaffaCakes118
-
Size
343KB
-
Sample
240726-q9zbfssanq
-
MD5
7459dabde9a71618f63bde5999c81138
-
SHA1
244848e90107432bda5e929993193df7244dd724
-
SHA256
cc412889e3b6f4c3eb2935e2378d72f4b22949ed62024b53d401856b64facdc2
-
SHA512
35ff9ac4ae4dbd75707e309f82c42d48c9bcc26ca863d849a9143a6e13474c8b147c38c04359a1da777be35ccdc28b8074e2ca910c86586914028e038a27bd4d
-
SSDEEP
6144:JQ/W2mGZyRhTXMBCqyh7tP7H7xV1tBMDheWJ0S+x:JQODGIYBCjh7V7HFV1tCVnJ07x
Static task
static1
Behavioral task
behavioral1
Sample
7459dabde9a71618f63bde5999c81138_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
loveayada.zapto.org:443
DC_MUTEX-ZNQTKSY
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
hqypCTfXL65a
-
install
true
-
offline_keylogger
true
-
password
0123456789
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
7459dabde9a71618f63bde5999c81138_JaffaCakes118
-
Size
343KB
-
MD5
7459dabde9a71618f63bde5999c81138
-
SHA1
244848e90107432bda5e929993193df7244dd724
-
SHA256
cc412889e3b6f4c3eb2935e2378d72f4b22949ed62024b53d401856b64facdc2
-
SHA512
35ff9ac4ae4dbd75707e309f82c42d48c9bcc26ca863d849a9143a6e13474c8b147c38c04359a1da777be35ccdc28b8074e2ca910c86586914028e038a27bd4d
-
SSDEEP
6144:JQ/W2mGZyRhTXMBCqyh7tP7H7xV1tBMDheWJ0S+x:JQODGIYBCjh7V7HFV1tCVnJ07x
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
7