General
-
Target
8783017c005439b3d0f2b3f18a9bcf5d_JaffaCakes118
-
Size
650KB
-
Sample
240810-yz68bawdlp
-
MD5
8783017c005439b3d0f2b3f18a9bcf5d
-
SHA1
828d4785737e2c2b044a53b951a605928e2d200d
-
SHA256
c29308769e6ac527151045a127d4a19a4eca8c978979f8e0b1b8b813b1928677
-
SHA512
de2de12db3122ac52b333b3e05d385f696b1747dab2e90bed396337dcfbc7f9728444b72436f507ec66ccd7f804c7ee2c81dca160cadd5390738815f267ef379
-
SSDEEP
12288:7k0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+J:w0QRWoJEfg0oChGdJQbjPbNW5tYeP+G8
Behavioral task
behavioral1
Sample
8783017c005439b3d0f2b3f18a9bcf5d_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
-
Family
darkcomet
-
Botnet
Guest16
-
C2
mnanauk-dz.no-ip.biz:1604
-
Mutex
DC_MUTEX-EB46CLG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
rpfQbN9b66NT
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
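The extracted config and the persistence signatures above contain everything needed for a quick host and DNS sweep. The script below is an added example, not part of the sandbox report and not DarkComet code: it turns the config values (C2, mutex, install path, Run value name) into IOCs and runs them over a constructed endpoint snapshot of Run values, Winlogon values, held mutexes and DNS queries. It also applies two generic checks the report's signatures point at: any Winlogon Userinit entry other than userinit.exe, and any mutex matching the DC_MUTEX- naming pattern. The snapshot contents, the full install path under the user's Documents folder and the mutex regex are assumptions, not data from the report.

```python
"""Sweep an endpoint snapshot for the DarkComet IOCs extracted above.

Added example; the snapshot below is constructed and not taken from the report.
"""
import re
from typing import Dict, List, Tuple

# Values copied from the extracted config on this page.
CONFIG = {
    "c2": "mnanauk-dz.no-ip.biz:1604",
    "mutex": "DC_MUTEX-EB46CLG",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Assumption: DarkComet builds name their mutex DC_MUTEX- plus a short
# alphanumeric tag, so the sweep also catches builds with a different tag.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{4,8}$")

# Constructed snapshot of one infected host (not from the report). The full
# path under Documents\MSDCSC is an assumption about where the dropper lands.
SNAPSHOT = {
    "run_values": {  # value name -> command, merged from HKCU and HKLM Run keys
        "MicroUpdate": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
    "winlogon": {  # values under HKLM\...\Winlogon
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe,",
        "Shell": "explorer.exe",
    },
    "mutexes": ["DC_MUTEX-EB46CLG", r"Local\MSCTF.Asm.MutexDefault1"],
    "dns_queries": ["update.microsoft.com", "mnanauk-dz.no-ip.biz"],
}


def iocs_from_config(cfg: Dict[str, str]) -> Dict[str, object]:
    """Normalise the extracted config into comparable IOC values."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "path_suffix": cfg["install_path"].lower(),  # matched as a path suffix
        "run_value": cfg["reg_key"],
    }


def scan(snapshot: Dict[str, object], iocs: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (category, detail) hits for every IOC or generic check that fires."""
    hits: List[Tuple[str, str]] = []

    # T1547.001: Run value named as in the config, or pointing at the install path.
    for name, cmd in snapshot["run_values"].items():
        if name == iocs["run_value"] or cmd.lower().rstrip('"').endswith(iocs["path_suffix"]):
            hits.append(("run_key", f"{name} -> {cmd}"))

    # T1547.004: Userinit is a comma-separated list that should only name
    # userinit.exe; anything appended is launched at every logon.
    userinit = [p.strip() for p in snapshot["winlogon"].get("Userinit", "").split(",") if p.strip()]
    for entry in userinit:
        if not entry.lower().endswith(r"\userinit.exe"):
            hits.append(("winlogon_userinit", entry))
    shell = snapshot["winlogon"].get("Shell", "explorer.exe")
    if shell.lower() != "explorer.exe":
        hits.append(("winlogon_shell", shell))

    # Exact mutex from the config, or any name matching the DarkComet pattern.
    for m in snapshot["mutexes"]:
        if m == iocs["mutex"] or DC_MUTEX_RE.match(m):
            hits.append(("mutex", m))

    # Dynamic-DNS C2 host; the port only matters once a connection is seen.
    for q in snapshot["dns_queries"]:
        if q.lower() == iocs["c2_host"]:
            hits.append(("dns", q))

    return hits


if __name__ == "__main__":
    for category, detail in scan(SNAPSHOT, iocs_from_config(CONFIG)):
        print(f"[{category}] {detail}")
```

The path comparison is a suffix match on `MSDCSC\msdcsc.exe` rather than a full path, because the report only gives the relative install path and the parent directory varies with the profile. On a real host the snapshot would come from the Run keys under HKCU and HKLM, `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`, a mutex listing and DNS client logs.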
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1