General
- Target: 8bdd66de383bb00ce035f43a2d45f7ee_JaffaCakes118
- Size: 650KB
- Sample: 240811-zbzc8swhpq
- MD5: 8bdd66de383bb00ce035f43a2d45f7ee
- SHA1: 7c98f01085dd9e6ae04059d2915fb2ddea552439
- SHA256: dfaa9c45005fbc1190e18567d4f4b9bbd651f539c4aa6249f5bdc0eb7576672c
- SHA512: 4945b28eb3517306f948e72fe0dfe46e8775f2fdf5c55d1b35565b52e6b7fc311419a9256bf22e0b6947d89bd076be586e08e78625fd75dc097d5c586afa8ac3
- SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+D:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+GS
Behavioral task: behavioral1
- Sample: 8bdd66de383bb00ce035f43a2d45f7ee_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: violatorhf.no-ip.org:1604
- Mutex: DC_MUTEX-JHDB4Y2
Attributes
- InstallPath: Explorer\explorer.exe
- gencode: DJjy391Alxs4
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: svchost.exe
Targets
- Target: 8bdd66de383bb00ce035f43a2d45f7ee_JaffaCakes118
- Size: 650KB
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)