General
- Target: 76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118
- Size: 236KB
- Sample: 240727-ep8tlswgkp
- MD5: 76fea28420b8f95ebd8f92d49ea23b34
- SHA1: 8e36074e63a4cab1d75618463a1c63ffcd8581cb
- SHA256: 04c1494cf3a15ada715f4867dc12788eb61b828d8fadd3d9d8b1e81d461a5b2d
- SHA512: 33d344a659b9607d524ac0dba7e9a4239334d08840d4ec71e34c77d4248bf88bc91ee9c27cb26d319b00fb99b0e5e10e78e40481559b9f0581bcb97b9c281191
- SSDEEP: 6144:dMMWJH007FoGoyy4LozdtSMxuzhXv67fRCwsp9WONUff6:sJH0NGoyz4uzpifRCwGWON
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118.exe
  - Resource: win7-20240708-en

Behavioral task
- behavioral2
  - Sample: 76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118.exe
  - Resource: win10v2004-20240709-en
Malware Config

Extracted
- Family: darkcomet
- Botnet: sheepception
- C2: thematrixx.zapto.org:1333
- C2: sheepception.zapto.org:1333
- Mutex: DC_MUTEX-F54S21D
- Attributes:
  - InstallPath: MSDCSC\msdcsc.exe
  - gencode: fXfsZcmQgzoa
  - install: true
  - offline_keylogger: true
  - persistence: true
  - reg_key: MicroUpdate

Extracted
- Family: latentbot
- C2: sheepception.zapto.org
Targets
- Target: 76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118
  - Size: 236KB
  - MD5: 76fea28420b8f95ebd8f92d49ea23b34
  - SHA1: 8e36074e63a4cab1d75618463a1c63ffcd8581cb
  - SHA256: 04c1494cf3a15ada715f4867dc12788eb61b828d8fadd3d9d8b1e81d461a5b2d
  - SHA512: 33d344a659b9607d524ac0dba7e9a4239334d08840d4ec71e34c77d4248bf88bc91ee9c27cb26d319b00fb99b0e5e10e78e40481559b9f0581bcb97b9c281191
  - SSDEEP: 6144:dMMWJH007FoGoyy4LozdtSMxuzhXv67fRCwsp9WONUff6:sJH0NGoyz4uzpifRCwGWON

Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (2)