General
-
Target
7c628b63e00fdfb7cf03f79411deeeea_JaffaCakes118
-
Size
1.1MB
-
Sample
240731-pjwbfasfrk
-
MD5
7c628b63e00fdfb7cf03f79411deeeea
-
SHA1
a60b798e860fa4c4aa8a43474b86b3f01969ba79
-
SHA256
4c308a8c665839ea491089cd987ab93a6c09ad9eb6561116776d635b660da101
-
SHA512
960b1634bf9227c753590f7c2042ae68d9e3eec2ce7722ff74ee257dccbc7da28092e4ea74af6a08790775ef6514436435e12ea4bcda173e08e25b83eca46b43
-
SSDEEP
12288:B1Eu4AZ+EOJTSNT8JpclOVgvcWS2LgHtJpXMKI1jdT5yRVhJUzIwX5+9NB8GYbnu:t0GMG15eisLl74ZYS+/VRZ
Static task
static1
Behavioral task
behavioral1
Sample
7c628b63e00fdfb7cf03f79411deeeea_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
darkcoder.no-ip.biz:1604
DC_MUTEX-L3VAPKR
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
SSMFGEWonDEN
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
7c628b63e00fdfb7cf03f79411deeeea_JaffaCakes118
-
Size
1.1MB
-
MD5
7c628b63e00fdfb7cf03f79411deeeea
-
SHA1
a60b798e860fa4c4aa8a43474b86b3f01969ba79
-
SHA256
4c308a8c665839ea491089cd987ab93a6c09ad9eb6561116776d635b660da101
-
SHA512
960b1634bf9227c753590f7c2042ae68d9e3eec2ce7722ff74ee257dccbc7da28092e4ea74af6a08790775ef6514436435e12ea4bcda173e08e25b83eca46b43
-
SSDEEP
12288:B1Eu4AZ+EOJTSNT8JpclOVgvcWS2LgHtJpXMKI1jdT5yRVhJUzIwX5+9NB8GYbnu:t0GMG15eisLl74ZYS+/VRZ
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1