General
-
Target
7fa2962d464a1e6aaff03c09cf7e538b_JaffaCakes118
-
Size
592KB
-
Sample
240801-h7qmjashqb
-
MD5
7fa2962d464a1e6aaff03c09cf7e538b
-
SHA1
53ed1256ee387bd8fd015bba0bdc79d754d22c7c
-
SHA256
f876c0b4cde4cf27754c95b605b62e1952f7c0416ac38a08db6178a895acb4c1
-
SHA512
99f3f98690da192a7f495236501a40454fcf59bf62c5694f0208b5114886de50ccd23c2d8ad8911a41a670c39369585aa99140269a1534dbea0db4d6eaf6d2b9
-
SSDEEP
6144:KdtifXN7XegqunP25EmcmiSZPoCE0H3tovCL6DJreQQf17E4oMkZ98gWNlPTGQQX:KOl7OgHP/kiSZBhtovE6SdOvINtTird
Static task
static1
Behavioral task
behavioral1
Sample
7fa2962d464a1e6aaff03c09cf7e538b_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
saw-88.no-ip.biz:1604
DC_MUTEX-FAAE1T4
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
4chxqdwMXJlw
-
install
true
-
offline_keylogger
false
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
7fa2962d464a1e6aaff03c09cf7e538b_JaffaCakes118
-
Size
592KB
-
MD5
7fa2962d464a1e6aaff03c09cf7e538b
-
SHA1
53ed1256ee387bd8fd015bba0bdc79d754d22c7c
-
SHA256
f876c0b4cde4cf27754c95b605b62e1952f7c0416ac38a08db6178a895acb4c1
-
SHA512
99f3f98690da192a7f495236501a40454fcf59bf62c5694f0208b5114886de50ccd23c2d8ad8911a41a670c39369585aa99140269a1534dbea0db4d6eaf6d2b9
-
SSDEEP
6144:KdtifXN7XegqunP25EmcmiSZPoCE0H3tovCL6DJreQQf17E4oMkZ98gWNlPTGQQX:KOl7OgHP/kiSZBhtovE6SdOvINtTird
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1