General
- Target: 76b27fb0cf68b6bd9e32547856fca887_JaffaCakes118
- Size: 696KB
- Sample: 240727-csjmsatfmf
- MD5: 76b27fb0cf68b6bd9e32547856fca887
- SHA1: ffc4773dbd5c23e9c99b121ade322b160a76c737
- SHA256: 5b2affa188704510f48eaed61522632ff7d95fd462b1e508ee02538e9d6a3a17
- SHA512: 993fc6a5f7e931320441e63203b4d4c7efafbac213cbf37af4bc003799c143171f6009b73647232235053f258771f8a68a9e586d76256efcb39e6a5483d30123
- SSDEEP: 12288:IrcZkHbetlOj86SSHw9J7Yxn1mElPqHGogo8ghowmE+KGucp/lQmXHeAmu7Os:IrcYbefv3SHsQmEnogo8ghrm/p/lQmXp
- Static task: static1
- Behavioral task: behavioral1
- Sample: 76b27fb0cf68b6bd9e32547856fca887_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
- HF
- 192.168.0.2:100
- surfingforus.zapto.org:100
- DC_MUTEX-B4DJA70
- InstallPath: MSDCSC\msdcsc.exe
- gencode: ShXk49WH4tyF
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Extracted: latentbot
- surfingforus.zapto.org
Targets
- Target: 76b27fb0cf68b6bd9e32547856fca887_JaffaCakes118 (696KB; hashes as listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1