General
-
Target
8857b84e74bd78ad49f04f6f8d0ce65a_JaffaCakes118
-
Size
1.6MB
-
Sample
240811-a5la2a1dnd
-
MD5
8857b84e74bd78ad49f04f6f8d0ce65a
-
SHA1
b9516b7c3e012535e0d75d01bf66cd661fbaeda0
-
SHA256
3f48a0ac6fd7487e22566c17ca1eda2bc9bede54adb53cc12bcd6a6afd23cc71
-
SHA512
4818fb05aa0f43ae4ebd1fe39331a4eaacd9213ba5a8921407a221eceec7b5f2ce9fd5299a24837d0e84e4adb4b1a328190631678b32da19ab6695308ab2ae61
-
SSDEEP
49152:zPOhSRsMd24IAMVS5fBizT8JIJwzm1P/zqawHC44sv:7Oad24IBVpoqum1P/zqE44sv
Behavioral task
behavioral1
Sample
8857b84e74bd78ad49f04f6f8d0ce65a_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
black-ghost.no-ip.info:1604
192.168.1.2:1604
DC_MUTEX-3M3BF1V
-
gencode
fXTP1ELrNGMR
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
8857b84e74bd78ad49f04f6f8d0ce65a_JaffaCakes118
-
Size
1.6MB
-
MD5
8857b84e74bd78ad49f04f6f8d0ce65a
-
SHA1
b9516b7c3e012535e0d75d01bf66cd661fbaeda0
-
SHA256
3f48a0ac6fd7487e22566c17ca1eda2bc9bede54adb53cc12bcd6a6afd23cc71
-
SHA512
4818fb05aa0f43ae4ebd1fe39331a4eaacd9213ba5a8921407a221eceec7b5f2ce9fd5299a24837d0e84e4adb4b1a328190631678b32da19ab6695308ab2ae61
-
SSDEEP
49152:zPOhSRsMd24IAMVS5fBizT8JIJwzm1P/zqawHC44sv:7Oad24IBVpoqum1P/zqE44sv
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1