General
-
Target
7e39b75cfb9bf100c278d836f195c976_JaffaCakes118
-
Size
235KB
-
Sample
240731-2mpz2sxcmr
-
MD5
7e39b75cfb9bf100c278d836f195c976
-
SHA1
20371839ffc67e51c7098a559eb4e169eb7634d0
-
SHA256
fc7b749f4b9d3e0a4778fa7d9c1294fe692d6904d14d9583682c344d80594d2a
-
SHA512
88b4e8de71352a43ee31457955d7769dcd6926af3dfd4d857f44e4c8ad3df1da1e76bef4e66851dbc47be78bc1c4b4e1cca2b336e68a86e53ef605c18ca0a013
-
SSDEEP
3072:iY/ygXnCQUYy9yxhjrSsplyU5iHquGbT47mJaCki/q/7NRgOYromMD8goZ9yz28q:iYLtU7Ixhnhz5TN6mJWd/7qMD8gmggf
Static task
static1
Behavioral task
behavioral1
Sample
7e39b75cfb9bf100c278d836f195c976_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
themagician1970.no-ip.org:81
DC_MUTEX-3UC1ZGZ
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
1UzPYfvG7H1j
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
7e39b75cfb9bf100c278d836f195c976_JaffaCakes118
-
Size
235KB
-
MD5
7e39b75cfb9bf100c278d836f195c976
-
SHA1
20371839ffc67e51c7098a559eb4e169eb7634d0
-
SHA256
fc7b749f4b9d3e0a4778fa7d9c1294fe692d6904d14d9583682c344d80594d2a
-
SHA512
88b4e8de71352a43ee31457955d7769dcd6926af3dfd4d857f44e4c8ad3df1da1e76bef4e66851dbc47be78bc1c4b4e1cca2b336e68a86e53ef605c18ca0a013
-
SSDEEP
3072:iY/ygXnCQUYy9yxhjrSsplyU5iHquGbT47mJaCki/q/7NRgOYromMD8goZ9yz28q:iYLtU7Ixhnhz5TN6mJWd/7qMD8gmggf
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
5