General
-
Target
8393b965a4159ab6400d46899c943af1_JaffaCakes118
-
Size
234KB
-
Sample
240809-z4lb3stbrc
-
MD5
8393b965a4159ab6400d46899c943af1
-
SHA1
13f2b5f18cbb2ea6165bcca033d3d17880965a71
-
SHA256
a243b4d437e5381ce22852e3bc6f6621dfaf8a618526d37d4e763a43c5634c07
-
SHA512
8f5146b3ff5e35e8b9376a568da405bb74f89da8d36d7faba79a32281b25f57e6fa6b93a3b22ab4bc36041025e902e45ffcca18865e74a732d5ff30b9040483e
-
SSDEEP
6144:9hqN2gp8/DlfS7kuF8EZZY0W+DBOeq0S98JS9ToS:9h8eDlK7iEFVhq0SeU9ToS
Behavioral task
behavioral1
Sample
8393b965a4159ab6400d46899c943af1_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-F54S21D
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
VzpgEE93M5fr
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
8393b965a4159ab6400d46899c943af1_JaffaCakes118
-
Size
234KB
-
MD5
8393b965a4159ab6400d46899c943af1
-
SHA1
13f2b5f18cbb2ea6165bcca033d3d17880965a71
-
SHA256
a243b4d437e5381ce22852e3bc6f6621dfaf8a618526d37d4e763a43c5634c07
-
SHA512
8f5146b3ff5e35e8b9376a568da405bb74f89da8d36d7faba79a32281b25f57e6fa6b93a3b22ab4bc36041025e902e45ffcca18865e74a732d5ff30b9040483e
-
SSDEEP
6144:9hqN2gp8/DlfS7kuF8EZZY0W+DBOeq0S98JS9ToS:9h8eDlK7iEFVhq0SeU9ToS
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1