General
- Target: 8ceb8ac17d21b6a69dcb9dada02fe686_JaffaCakes118
- Size: 400KB
- Sample: 240812-cp13na1apj
- MD5: 8ceb8ac17d21b6a69dcb9dada02fe686
- SHA1: 37a2fa9c7d278f8c106f087136653f0b9002e976
- SHA256: 0204b973fd46c6129f9017ecec399412c990c106b4bb23ab045a50a3b274efec
- SHA512: 0959569df64fbd9dbbb8da7843bb57dea4c3ac3edcc958052e7c132e9e2217b5510e071a98b1cb37bee6498bd09a8b0e7af8f3bc16d24400f1f07519730f722e
- SSDEEP: 6144:IF7wDQUwmdpdXcXVYO/yx2MK7D9EgHq/t6OFIMdWnpQZh9h4NLLKjc769/cE6:IeDqyKPT7fK6O2Md0QZh9uQjc769k5
Static task: static1
Behavioral task: behavioral1
- Sample: 8ceb8ac17d21b6a69dcb9dada02fe686_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: 127.0.0.1:1604
- C2: 192.168.1.88:1604
- C2: mangerpop.hopto.org:1604
- Mutex: DC_MUTEX-5UP3J49
- InstallPath: MSDCSC\msdcsc.exe
- gencode: roLHG4YvnZgu
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 8ceb8ac17d21b6a69dcb9dada02fe686_JaffaCakes118
- Size: 400KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (3)