General
- Target: 880b74213950b0697dfb41be1eedfae2_JaffaCakes118
- Size: 232KB
- Sample: 240810-25mmmsxdja
- MD5: 880b74213950b0697dfb41be1eedfae2
- SHA1: c885a23b2e0b30d49430341d471c9221b7d97484
- SHA256: be1615005027a1f209bdbfc340b7d5b7a22a65adae1b4ce8dd6019f4e96f97ac
- SHA512: ac124b3726eee063629dac74b2f4f3bfa3928868410c6159daf9aef9f5317d388c91cdea3d1d1aed1c451412e1b5e43909aec8c478f10f5e13e60f17a66e294b
- SSDEEP: 6144:WNJiMqZjp9qRfKgGoVcgF9//+LkwFA372KdKVNJPWhXkL7X:WvMZN9QKh3S/qs2KUnJPWu7X
Static task: static1
Behavioral task: behavioral1
- Sample: 880b74213950b0697dfb41be1eedfae2_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
- Guest16
- ksa-root.no-ip.org:43
- DC_MUTEX-KS8RZ9R
- InstallPath: update\avupd.exe
- gencode: 2SvfLEsL8u3E
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Extracted: darkcomet
- gencode
- install: false
- offline_keylogger: false
- persistence: false
Targets
- Target: 880b74213950b0697dfb41be1eedfae2_JaffaCakes118 (232KB; hashes as listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)