General
-
Target
4a152e4035f9c9e98a81519881394cfa_JaffaCakes118
-
Size
253KB
-
Sample
240729-q2nvra1clr
-
MD5
4a152e4035f9c9e98a81519881394cfa
-
SHA1
3dd73c4fcde3b7dc477d1c99835032f7a732681b
-
SHA256
726f0333e1ef67ca0f9bf1ca37f63b0cdd1f4112241c7a208bca73de5462f6ba
-
SHA512
e764ce719989812948a53459c0f61ed73fd597faa8ad04cafe247894a451c1bce8b70f265ac1e3ecfff8387f44b1a76d06caaef2d691f565dd56c8a55df7264b
-
SSDEEP
6144:WD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:Wl8E4w5huat7UovONzbXw
Behavioral task
behavioral1
Sample
4a152e4035f9c9e98a81519881394cfa_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
vzlomzokrk.ddns.net:1604
vzlomzokrk.ddns.net:27015
vzlomzokrk.ddns.net:27016
DC_MUTEX-J0D6D42
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
nHTAViDmi43W
-
install
true
-
offline_keylogger
false
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
4a152e4035f9c9e98a81519881394cfa_JaffaCakes118
-
Size
253KB
-
MD5
4a152e4035f9c9e98a81519881394cfa
-
SHA1
3dd73c4fcde3b7dc477d1c99835032f7a732681b
-
SHA256
726f0333e1ef67ca0f9bf1ca37f63b0cdd1f4112241c7a208bca73de5462f6ba
-
SHA512
e764ce719989812948a53459c0f61ed73fd597faa8ad04cafe247894a451c1bce8b70f265ac1e3ecfff8387f44b1a76d06caaef2d691f565dd56c8a55df7264b
-
SSDEEP
6144:WD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:Wl8E4w5huat7UovONzbXw
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
7