General
Target: 8765a5e1f007f0063ab6d1f55a986fe8_JaffaCakes118
Size: 1.5MB
Sample: 240810-ydwjpavcnn
MD5: 8765a5e1f007f0063ab6d1f55a986fe8
SHA1: 0df249f5c7d9e6bb91c73a8fd7651d186571b97c
SHA256: df11a1c9b0f856c56cde814e93905525b87b81ad089fee0e5f8ac685fd582fba
SHA512: 4eb5ca1663b452f80062df5a5f91630d3c7def41c334118d1b4a4862ad642fb3d7960f56b32082ff5fbff2b78a9fbc11961b949c4f1e765a144fa4f959658038
SSDEEP: 24576:6MKL7S6ZU6+7oiXkgPDBfvWuljngt1ZNmPDPe9NrR2Df8oasV7qwMpELbQIplqVT:6pL7SVRciXFteuljuZMPavrRytaIqzuR
Behavioral task
behavioral1
Sample: 8765a5e1f007f0063ab6d1f55a986fe8_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
Botnet/campaign ID: aaaa608
C2: handsomehearteng.zapto.org:1608
Mutex: DC_MUTEX-WPKUFHB
InstallPath: MSDCSC\msdcsc.exe
gencode: nlbQUbAhW2Ce
install: true
offline_keylogger: false
password: 123456
persistence: false
reg_key: MicroUpdate
Extracted: latentbot
C2: handsomehearteng.zapto.org
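How a config block like the one above is recovered, as an added example that is not the sandbox's own extractor and not code from the sample: DarkComet builds keep their settings as a hex-encoded, RC4-encrypted resource, and the RC4 key is a fixed per-version string that public config decoders enumerate, so extraction is trial decryption followed by parsing KEY={value} lines. The binary is not on this page, so the DCDATA blob below is constructed by encrypting this report's values with the v5.1 key; the mapping from DarkComet's key names (SID, NETDATA, EDTPATH and so on) to the report's field names, and the exact line layout, are my assumptions modelled on those decoders.

```python
"""Recover a DarkComet-style config from a DCDATA-like blob: hex-decode, RC4-decrypt
with the per-version key, and parse the KEY={value} lines into report fields."""
import binascii
import re
from typing import Optional

# RC4 keys used by DarkComet builds, by version, as documented in public
# config decoders; the right one is found by trial decryption.
DARKCOMET_RC4_KEYS = {
    "v5.1": b"#KCMDDC51#-890",
    "v5.0": b"#KCMDDC5#-890",
    "v4.2F": b"#KCMDDC42F#-890",
    "v4.2": b"#KCMDDC42#-890",
    "v4": b"#KCMDDC4#-890",
    "v2": b"#KCMDDC2#-890",
}

# DarkComet config key -> field name used in this report (assumed mapping).
FIELD_MAP = {
    "SID": "campaign_id", "NETDATA": "c2", "MUTEX": "mutex",
    "EDTPATH": "InstallPath", "GENCODE": "gencode", "INSTALL": "install",
    "OFFLINEK": "offline_keylogger", "PWD": "password",
    "PERSINST": "persistence", "KEYNAME": "reg_key",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}
LINE_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config_text(text: str) -> dict:
    """Turn KEY={value} lines into a dict keyed by report field names."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # skips the #BEGIN/#EOF marker lines
            continue
        name = FIELD_MAP.get(m.group(1), m.group(1).lower())
        cfg[name] = (m.group(2) == "1") if name in BOOL_FIELDS else m.group(2)
    return cfg


def extract_config(dcdata_hex: str) -> Optional[dict]:
    """Try each known key; only the correct one yields the ASCII MUTEX={...} layout."""
    raw = binascii.unhexlify(dcdata_hex.strip())
    for version, key in DARKCOMET_RC4_KEYS.items():
        try:
            text = rc4(key, raw).decode("ascii")
        except UnicodeDecodeError:
            continue
        if "MUTEX={" not in text:
            continue
        cfg = parse_config_text(text)
        cfg["version"] = version
        return cfg
    return None


# Constructed stand-in for the sample's DCDATA resource: the values from this
# report in DarkComet's line format, encrypted with the v5.1 key. Not taken
# from the binary, which is not on this page.
SAMPLE_CONFIG_TEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-WPKUFHB}",
    "SID={aaaa608}",
    "NETDATA={handsomehearteng.zapto.org:1608}",
    "GENCODE={nlbQUbAhW2Ce}",
    "INSTALL={1}",
    "EDTPATH={MSDCSC\\msdcsc.exe}",
    "KEYNAME={MicroUpdate}",
    "PERSINST={0}",
    "PWD={123456}",
    "OFFLINEK={0}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_DCDATA_HEX = binascii.hexlify(
    rc4(DARKCOMET_RC4_KEYS["v5.1"], SAMPLE_CONFIG_TEXT.encode("ascii"))
).decode("ascii")

if __name__ == "__main__":
    for field, value in (extract_config(SAMPLE_DCDATA_HEX) or {}).items():
        print(f"{field}: {value}")
```

The trial-decryption loop is the important part in practice: a wrong key yields bytes that either fail ASCII decoding or lack the MUTEX={ marker, so the version is learned for free from whichever key succeeds. The password field recovered here is the network password, which DarkComet also mixes into the RC4 key for its C2 traffic, so it is worth keeping alongside the C2 host when writing network detections.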
Targets
Target: 8765a5e1f007f0063ab6d1f55a986fe8_JaffaCakes118
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 2 matching signatures
  - Registry Run Keys / Startup Folder (T1547.001), 1
  - Winlogon Helper DLL (T1547.004), 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547), 2 matching signatures
  - Registry Run Keys / Startup Folder (T1547.001), 1
  - Winlogon Helper DLL (T1547.004), 1
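The two persistence signatures above (Run key, T1547.001, and Winlogon modification, T1547.004) turned into detection logic, as an added example that is not part of this report: it scans Sysmon Event ID 13 (registry value set) records for the report's indicators, the Run value name MicroUpdate and the install path fragment MSDCSC\msdcsc.exe, and separately flags any non-default entry appearing in Winlogon Userinit or Shell, which catches the technique even when the path changes. The event records are constructed; the flattened record layout, the user SID, and the choice of Userinit/Shell as the Winlogon values are my assumptions, since the report only says the sample modifies Winlogon, not which value.

```python
"""Detect DarkComet-style persistence in Sysmon registry-set events."""
import re
from typing import Dict, List, Tuple

# Indicators taken from this report's config and signatures.
IOC_RUN_VALUE_NAME = "microupdate"
IOC_PATH_FRAGMENT = r"msdcsc\msdcsc.exe"

# Default Winlogon values on a clean Windows host (assumed, lower-cased).
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$",
                         re.IGNORECASE)

# Constructed Sysmon Event ID 13 records as (TargetObject, Details, Image).
# These are not the sandbox's events; SID and paths are made up for the example.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    (r"HKU\S-1-5-21-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     r"C:\Users\Admin\Documents\MSDCSC\msdcsc.exe",
     r"C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     r"C:\Windows\system32\userinit.exe,C:\Users\Admin\Documents\MSDCSC\msdcsc.exe",
     r"C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"),
    # Benign noise: a default Userinit rewrite and an ordinary Run entry.
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     r"C:\Windows\system32\userinit.exe,",
     r"C:\Windows\system32\svchost.exe"),
    (r"HKU\S-1-5-21-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
     r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
]


def classify_event(target: str, details: str, image: str) -> List[Tuple[str, str]]:
    """Return (technique, description) pairs for one registry-set event."""
    alerts = []
    m = RUN_KEY_RE.search(target)
    if m:
        value_name = m.group(1)
        if value_name.lower() == IOC_RUN_VALUE_NAME or IOC_PATH_FRAGMENT in details.lower():
            alerts.append(("T1547.001", f"Run value {value_name} -> {details}"))
    m = WINLOGON_RE.search(target)
    if m:
        which = m.group(1).lower()
        entries = {e.strip().lower() for e in details.split(",") if e.strip()}
        extra = entries - WINLOGON_DEFAULTS[which]
        if extra:  # anything beyond the stock value is a Winlogon helper hijack
            alerts.append(("T1547.004", f"Winlogon {m.group(1)} gained {sorted(extra)}"))
    return alerts


def scan(events: List[Tuple[str, str, str]]) -> List[Dict[str, str]]:
    """Run classify_event over a batch and attach the writing process image."""
    findings = []
    for target, details, image in events:
        for technique, description in classify_event(target, details, image):
            findings.append({"technique": technique, "image": image,
                             "description": description})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['technique']}  {f['image']}  {f['description']}")
```

The Run-key rule matches on the report's specific indicators and would need updating per build, whereas the Winlogon rule is behavioural: it alerts on any entry beyond the stock Userinit or Shell value, so it also covers the "persistence: false" case here, where the sample still touches Winlogon even though DarkComet's own persistence option is off.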