General
-
Target
8399e22a618497da4fb73205fdecebcd_JaffaCakes118
-
Size
644KB
-
Sample
240809-z9pxfszcpr
-
MD5
8399e22a618497da4fb73205fdecebcd
-
SHA1
7ead998adc1969b7917195e76188bbce7f1c6f4a
-
SHA256
022e216bc025cf6c4dd9b478f81bf6290b933ec78488696f7a9b88199d7739a0
-
SHA512
3e5de840115b3c33dc1b384d3353a8ac933259836cd83c1333e71dde3e6c08a69cd91134903c12ad40b44356c60cbdc077f5fbecc16d43c17cb386dd48becf05
-
SSDEEP
12288:IJdTK+HwbCV94hNQNxfKnvHz50gOVyajK1TTHEB18GmWjApG:IJTh/svHCg2yaSTHq8Pt8
Static task
static1
Behavioral task
behavioral1
Sample
8399e22a618497da4fb73205fdecebcd_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
mw2511.no-ip.info:1604
DC_MUTEX-TC9QD01
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
kWFty2jHXpbm
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
8399e22a618497da4fb73205fdecebcd_JaffaCakes118
-
Size
644KB
-
MD5
8399e22a618497da4fb73205fdecebcd
-
SHA1
7ead998adc1969b7917195e76188bbce7f1c6f4a
-
SHA256
022e216bc025cf6c4dd9b478f81bf6290b933ec78488696f7a9b88199d7739a0
-
SHA512
3e5de840115b3c33dc1b384d3353a8ac933259836cd83c1333e71dde3e6c08a69cd91134903c12ad40b44356c60cbdc077f5fbecc16d43c17cb386dd48becf05
-
SSDEEP
12288:IJdTK+HwbCV94hNQNxfKnvHz50gOVyajK1TTHEB18GmWjApG:IJTh/svHCg2yaSTHq8Pt8
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4