General
-
Target
8a3babb47d9bbcb82de6385a929eec89_JaffaCakes118
-
Size
284KB
-
Sample
240811-nvv95sscqa
-
MD5
8a3babb47d9bbcb82de6385a929eec89
-
SHA1
8a0a85f0b6f179b05864a4e9b92f0454f30cd80d
-
SHA256
9838e229ca80d7d2f1a9d67a83014127b3bed58cf3941be5ebb7313285e1992e
-
SHA512
4fede170279f4945566e73c52ddb0d4ea477386fca89731121f627b046d0d3798d7c52a11701a6a9dc3e0e319904e8a70d2a8abd09a081980a86037c3e9d2945
-
SSDEEP
6144:NMI/jlS4kCwHL76nz9Q3uR5LTYYBIsHhl:NMQlS9Cwr79uLLTvBIYhl
Behavioral task
behavioral1
Sample
8a3babb47d9bbcb82de6385a929eec89_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
84.128.66.246:1604
DC_MUTEX-VQDFNGM
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
YKec4W0NVa4f
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
8a3babb47d9bbcb82de6385a929eec89_JaffaCakes118
-
Size
284KB
-
MD5
8a3babb47d9bbcb82de6385a929eec89
-
SHA1
8a0a85f0b6f179b05864a4e9b92f0454f30cd80d
-
SHA256
9838e229ca80d7d2f1a9d67a83014127b3bed58cf3941be5ebb7313285e1992e
-
SHA512
4fede170279f4945566e73c52ddb0d4ea477386fca89731121f627b046d0d3798d7c52a11701a6a9dc3e0e319904e8a70d2a8abd09a081980a86037c3e9d2945
-
SSDEEP
6144:NMI/jlS4kCwHL76nz9Q3uR5LTYYBIsHhl:NMQlS9Cwr79uLLTvBIYhl
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
7