General
-
Target
8c82de32ab2b407451b9fc054c09f717_JaffaCakes118
-
Size
1.0MB
-
Sample
240812-aad88svhlm
-
MD5
8c82de32ab2b407451b9fc054c09f717
-
SHA1
91efbb83a49f55f938465a7e0b5772ebe16aab9d
-
SHA256
0c2b513e363661f0be0979326dbd243340a10a57b2a533cd0f458cc306a251ce
-
SHA512
5724a4694c09b4c31989caa4c9b8807d8c976a02c91e145a0b14ef412800b9509447f36dfe94feb186c4195057dde8a89e1e2b798d36d11767b9f72e7b5804e8
-
SSDEEP
3072:oTngsxpsolJiMbfUM5mQ1+Y03qL7fZjLs3a2ACZaxaYLdViQ7aWVbqDqudD4lxsc:b/Srz
Static task
static1
Behavioral task
behavioral1
Sample
8c82de32ab2b407451b9fc054c09f717_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
ayada.no-ip.info:1604
ayada
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ZZvdly66bTkk
-
install
true
-
offline_keylogger
true
-
password
999999999
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
8c82de32ab2b407451b9fc054c09f717_JaffaCakes118
-
Size
1.0MB
-
MD5
8c82de32ab2b407451b9fc054c09f717
-
SHA1
91efbb83a49f55f938465a7e0b5772ebe16aab9d
-
SHA256
0c2b513e363661f0be0979326dbd243340a10a57b2a533cd0f458cc306a251ce
-
SHA512
5724a4694c09b4c31989caa4c9b8807d8c976a02c91e145a0b14ef412800b9509447f36dfe94feb186c4195057dde8a89e1e2b798d36d11767b9f72e7b5804e8
-
SSDEEP
3072:oTngsxpsolJiMbfUM5mQ1+Y03qL7fZjLs3a2ACZaxaYLdViQ7aWVbqDqudD4lxsc:b/Srz
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1