General

Target: 7897837885b3a475f18e5ee864f7238a_JaffaCakes118
Size: 331KB
Sample: 240727-sknvjavflq
MD5: 7897837885b3a475f18e5ee864f7238a
SHA1: 485882ba501347eb99489c10867bd1520decd1f5
SHA256: 9692260cb951a7685dd29e7b410ca5a086514a402ac9f36c7fc5d47ddbe06bf6
SHA512: f2c6a420ae9161d5c67cbbccb037880498425ccb8efa335380c49234e193a654622e458f59e8e57a1823a990305b3de12a1ea99461003fb4e87feade785768f7
SSDEEP: 6144:hhH76Gd6Mqk84ZIjzJNiNr5ldxb6g1x080pqUJjZmSpUjVIH3soJ:hhxoMVJyfJNiN3N1x080oUJjZmcUjup
Behavioral task: behavioral1

Sample: 7897837885b3a475f18e5ee864f7238a_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config

Extracted family: darkcomet
Botnet (campaign ID): Guest16
C2: 127.0.0.1:1604
Mutex: DC_MUTEX-YV9537W
InstallPath: MSDCSC\msdcsc.exe
gencode: vtZamnSTfx5d
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Note that the C2 is the loopback address on DarkComet's default port (1604) and the campaign ID is the builder's default (Guest16), so this build produces no real C2 traffic in the sandbox and the network indicators above are not useful for hunting; the mutex name, the install path and the reg_key value are the host-side indicators worth keeping.
Targets

Target: 7897837885b3a475f18e5ee864f7238a_JaffaCakes118
Modifies WinLogon for persistence
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application (the reg_key value MicroUpdate from the extracted config)
Suspicious use of SetThreadContext (commonly seen with process hollowing or thread-context hijacking)

The extracted config reports persistence: false, yet both a Run key and a Winlogon modification were observed; treat the registry autostart entries as the persistence mechanism actually present on an infected host rather than relying on that flag.
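The two autostart locations flagged above (a Run value named MicroUpdate and a modified Winlogon entry) can be hunted for on other hosts from a `reg export` of the relevant keys. The Python below is an added example written for this page; it is not part of the sandbox report or of DarkComet. The registry dump it parses is constructed, the install prefix C:\Users\victim\Documents is an assumption (the report only gives the relative InstallPath MSDCSC\msdcsc.exe), and the constructed sample assumes the Winlogon change appends to Userinit, while the check itself flags any non-default Userinit or Shell entry regardless of what was appended.

```python
import re
from dataclasses import dataclass

# Constructed sample: what a `reg export` of the two autostart locations might look
# like on a host where this DarkComet build installed itself. The install prefix
# C:\Users\victim\Documents is an assumption; the report only gives the relative
# InstallPath MSDCSC\msdcsc.exe and the Run value name MicroUpdate.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe,"
'''

# Indicators taken from the report's extracted config.
RUN_VALUE_NAME = "MicroUpdate"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"

# Binaries the Winlogon autostart values hold on a clean host; anything else is suspect.
WINLOGON_DEFAULTS = {
    "userinit": {"userinit.exe"},
    "shell": {"explorer.exe"},
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    reason: str


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse the subset of .reg syntax used here: [key] headers and "name"="string" values.
    Non-string value types (hex:, dword:) are ignored, which is enough for Run and Winlogon."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg files escape quotes and backslashes inside string data.
            data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
            keys[current][m.group("name")] = data
    return keys


def _basename(path: str) -> str:
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt_autostart(text: str) -> list[Finding]:
    """Return one Finding per autostart entry that matches the DarkComet indicators
    or departs from the stock Winlogon Userinit/Shell values."""
    findings: list[Finding] = []
    for key, values in parse_reg_export(text).items():
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf in ("run", "runonce"):
            for name, data in values.items():
                if name.lower() == RUN_VALUE_NAME.lower():
                    findings.append(Finding(key, name, "Run value name matches DarkComet reg_key"))
                elif INSTALL_PATH.lower() in data.lower():
                    findings.append(Finding(key, name, "Run value points at DarkComet InstallPath"))
        elif leaf == "winlogon":
            for name, data in values.items():
                expected = WINLOGON_DEFAULTS.get(name.lower())
                if expected is None:
                    continue
                # Userinit and Shell are comma-separated lists; flag every non-default entry.
                extras = [p.strip() for p in data.split(",") if p.strip() and _basename(p) not in expected]
                if extras:
                    findings.append(Finding(key, name, f"extra Winlogon entries: {extras}"))
    return findings


if __name__ == "__main__":
    for f in hunt_autostart(SAMPLE_REG_EXPORT):
        print(f"{f.key}\\{f.name}: {f.reason}")
```

On a live host the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` and the equivalent for HKLM Run and the Winlogon key; `reg export` writes UTF-16LE with a BOM, so open those files with `encoding="utf-16"` before passing the text in. The constructed dump yields two findings (the MicroUpdate Run value and the extra Userinit entry) and leaves the benign OneDrive entry and the stock Shell value alone.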
-
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547), 2 signatures
    Registry Run Keys / Startup Folder (T1547.001), 1 signature
    Winlogon Helper DLL (T1547.004), 1 signature
Privilege Escalation
  Boot or Logon Autostart Execution (T1547), 2 signatures
    Registry Run Keys / Startup Folder (T1547.001), 1 signature
    Winlogon Helper DLL (T1547.004), 1 signature