General
-
Target
82d70437c1f62160cd4285876fbb37ff_JaffaCakes118
-
Size
310KB
-
Sample
240802-dtfsysxfkd
-
MD5
82d70437c1f62160cd4285876fbb37ff
-
SHA1
7359a23f907c57415041b294e67b68d00bc6a129
-
SHA256
a3cad1520518d81cc9fa70b22a836f50f639dbb8596e21ed70136158e8d47701
-
SHA512
98b46781f2adb890ab31b442c755e445fbaeac50dd7ad4e80fa9b344e5af500b8788d4db40d4e5af3fcf1b96f9dd67873bf68cf026fb3b131d4d083a458318b5
-
SSDEEP
6144:nD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZkXittZn1UYM:nl8E4w5huat7UovONzbXwoXIFU9
Static task
static1
Behavioral task
behavioral1
Sample
82d70437c1f62160cd4285876fbb37ff_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
brhoom1406.no-ip.org:1604
DC_MUTEX-UN78W0H
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
UYbJQb0Dj7V3
-
install
true
-
offline_keylogger
true
-
password
0566699323
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
82d70437c1f62160cd4285876fbb37ff_JaffaCakes118
-
Size
310KB
-
MD5
82d70437c1f62160cd4285876fbb37ff
-
SHA1
7359a23f907c57415041b294e67b68d00bc6a129
-
SHA256
a3cad1520518d81cc9fa70b22a836f50f639dbb8596e21ed70136158e8d47701
-
SHA512
98b46781f2adb890ab31b442c755e445fbaeac50dd7ad4e80fa9b344e5af500b8788d4db40d4e5af3fcf1b96f9dd67873bf68cf026fb3b131d4d083a458318b5
-
SSDEEP
6144:nD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZkXittZn1UYM:nl8E4w5huat7UovONzbXwoXIFU9
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1