General
-
Target
8164c48d6dd6cc20309bdc5c8135561b_JaffaCakes118
-
Size
598KB
-
Sample
240801-v3xaqsvhqd
-
MD5
8164c48d6dd6cc20309bdc5c8135561b
-
SHA1
39bd3d2ac36b7461f541c4b861d067c48024742c
-
SHA256
9aa3ce52260ba0914639a1a63a8c2447563578e8167c50f8a541f542e0f615e8
-
SHA512
ff28fafcded7e56a99a8e8c7a1e8976c5890cc271ad98bf8296e8366dee05ed4e6acdc83125e5c5bfa2984d288bd9d0d9a59245a1f8ff5bbd109812a9a3d40e1
-
SSDEEP
12288:wY89kymZ1iptv+qKhFc9mO9HaN2n6jygDAUJ2sc30Xy5SO0PEo:cWymZ1iD+qKhSmOb6rbJu3Ps1
Static task
static1
Behavioral task
behavioral1
Sample
8164c48d6dd6cc20309bdc5c8135561b_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
mohamedmmk.zapto.org:82
DC_MUTEX-L1KB0QQ
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
LN0J2LLsllhH
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
8164c48d6dd6cc20309bdc5c8135561b_JaffaCakes118
-
Size
598KB
-
MD5
8164c48d6dd6cc20309bdc5c8135561b
-
SHA1
39bd3d2ac36b7461f541c4b861d067c48024742c
-
SHA256
9aa3ce52260ba0914639a1a63a8c2447563578e8167c50f8a541f542e0f615e8
-
SHA512
ff28fafcded7e56a99a8e8c7a1e8976c5890cc271ad98bf8296e8366dee05ed4e6acdc83125e5c5bfa2984d288bd9d0d9a59245a1f8ff5bbd109812a9a3d40e1
-
SSDEEP
12288:wY89kymZ1iptv+qKhFc9mO9HaN2n6jygDAUJ2sc30Xy5SO0PEo:cWymZ1iD+qKhSmOb6rbJu3Ps1
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1