General
Target: 86109d4b7366539f835dc5e091e083b3_JaffaCakes118
Size: 2.8MB
Sample: 240810-pq5tfstdnb
MD5: 86109d4b7366539f835dc5e091e083b3
SHA1: 8f144dc1993cb52778db11f8024cc0ebbd1f6b27
SHA256: 8d0171f371dc3318b1bbb754c79b430b404cd309f512173b297d72dd2c9fea1d
SHA512: b9345b5db48c0478caddf2971519bec8087644a7c5979de18d82215a8a0db3ddd17e3f41f29a99db9a0f973380f5526338713f684fa8a4941e7946308268682d
SSDEEP: 3072:xCGhO3Qka4UC6swWFrggA0HkFkSh2wgtskiFKQTnrbk/zwWq/da/LV+GTtX471aQ:kMra8TIFHztkROIAeF87x27Q9
Static task: static1
Behavioral task: behavioral1
Sample: 86109d4b7366539f835dc5e091e083b3_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: adobe-update.servehttp.com:19
Mutex: DC_MUTEX-7ZPXCP1
Attributes:
- InstallPath: adobe\adobe-updt.exe
- gencode: 3VCBdXlEZJbz
- install: true
- offline_keylogger: true
- password: hitman450
- persistence: true
- reg_key: adobUpdate
Targets
Target: 86109d4b7366539f835dc5e091e083b3_JaffaCakes118
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)