General
Target: 7fdf52e6c29795edf3873748ade13d0e_JaffaCakes118
Size: 548KB
Sample: 240801-krbvjssbrj
MD5: 7fdf52e6c29795edf3873748ade13d0e
SHA1: 14c005aeb0015840038e38bd8f3ed8b8d0afb08f
SHA256: a010cb86c49f5095e8d23a269dfaeadaa4271311fd81ae3ecbb58d8d9405f8a9
SHA512: ba40011c93bc6b4610f12084b1c12612e0a6fd791a8424bd69028fd503a9feddc1546d41f78aa1a0e51c8b2f446884f59d11bb633eddeff21f417cde012878bb
SSDEEP: 12288:1QnZp+FguhYs1ob8SfLR18KHwbQhpZggZE6rDoa2aRTiua:CnZDN1b7JV4
Static task: static1
Behavioral task: behavioral1
Sample: 7fdf52e6c29795edf3873748ade13d0e_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: darkcommetrat.no-ip.org:25565
Mutex: DC_MUTEX-MV4JSRU
InstallPath: MSDCSC\msdcsc.exe
gencode: UrntQd1f4RHS
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (2)