General
-
Target
88f2ea17a90d31b673d1a54e25477756_JaffaCakes118
-
Size
804KB
-
Sample
240811-espvxavbrl
-
MD5
88f2ea17a90d31b673d1a54e25477756
-
SHA1
ac58cdd1ca9ef4c33682d5403169d2d8e4116648
-
SHA256
e37abad92404bba98bc23c66ae860cdf6a99d417f1ec32e86b4b6ea7dd5d61f9
-
SHA512
3362e64ff382bd6f5aca75060df2ace3b987ab59f3ab38c2152bfec28b0efb36c9b32739aea374ad6c4f4125463ce174cef3f94e43e124faa0eeba302d2800d3
-
SSDEEP
12288:DYBwvN79lQW+Xdan4vSSCLj5ggdZzyVNPrYZzfKsgRVNlMZt8K/bvHMtvk:DAwvN79lWNan42jO8sWLjolmtdMJk
Static task
static1
Behavioral task
behavioral1
Sample
88f2ea17a90d31b673d1a54e25477756_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
88f2ea17a90d31b673d1a54e25477756_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
darkcomet
HydraAntivirüs
127.0.0.1:1604
hydrahydra1907.zapto.org:1604
DC_MUTEX-N3ACU05
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Bj3PNgEjTbH5
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Extracted
latentbot
hydrahydra1907.zapto.org
Targets
-
-
Target
88f2ea17a90d31b673d1a54e25477756_JaffaCakes118
-
Size
804KB
-
MD5
88f2ea17a90d31b673d1a54e25477756
-
SHA1
ac58cdd1ca9ef4c33682d5403169d2d8e4116648
-
SHA256
e37abad92404bba98bc23c66ae860cdf6a99d417f1ec32e86b4b6ea7dd5d61f9
-
SHA512
3362e64ff382bd6f5aca75060df2ace3b987ab59f3ab38c2152bfec28b0efb36c9b32739aea374ad6c4f4125463ce174cef3f94e43e124faa0eeba302d2800d3
-
SSDEEP
12288:DYBwvN79lQW+Xdan4vSSCLj5ggdZzyVNPrYZzfKsgRVNlMZt8K/bvHMtvk:DAwvN79lWNan42jO8sWLjolmtdMJk
-
Modifies WinLogon for persistence
-
Modifies security service
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
7