General
-
Target
7fb95a278a19e2e617103073ce277949_JaffaCakes118
-
Size
1.0MB
-
Sample
240801-jqy31sthmg
-
MD5
7fb95a278a19e2e617103073ce277949
-
SHA1
b35d3abe168e600e479fe4ee0a9bbd0d16896293
-
SHA256
e10ceccfa2079cd2c7fbd113a12b2543089858353aa864120ac4fa4293a44c82
-
SHA512
f3a7abb1041b9cb894e11d240e651e1874f4698a426f652afa82360065da05cbbed3e7910b8cd3a82bc38b35e6ce5a07b8cc110e7c3823816fc4e4104fb112b8
-
SSDEEP
24576:FhXEizcghu+seL01pUbWm/FZk8KDdZprnIRWmAZfwv:z0rgw+s8k8KZ6DA1e
Static task
static1
Behavioral task
behavioral1
Sample
7fb95a278a19e2e617103073ce277949_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
rat298.no-ip.biz:1604
DC_MUTEX-0GZYHZ0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
z8rgSbLtXLFl
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
7fb95a278a19e2e617103073ce277949_JaffaCakes118
-
Size
1.0MB
-
MD5
7fb95a278a19e2e617103073ce277949
-
SHA1
b35d3abe168e600e479fe4ee0a9bbd0d16896293
-
SHA256
e10ceccfa2079cd2c7fbd113a12b2543089858353aa864120ac4fa4293a44c82
-
SHA512
f3a7abb1041b9cb894e11d240e651e1874f4698a426f652afa82360065da05cbbed3e7910b8cd3a82bc38b35e6ce5a07b8cc110e7c3823816fc4e4104fb112b8
-
SSDEEP
24576:FhXEizcghu+seL01pUbWm/FZk8KDdZprnIRWmAZfwv:z0rgw+s8k8KZ6DA1e
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2