General
- Target: 8f843c6cf42e4d4daa1d73f3bfda1394_JaffaCakes118
- Size: 4.3MB
- Sample: 240812-vcp4qsvaka
- MD5: 8f843c6cf42e4d4daa1d73f3bfda1394
- SHA1: 56cda333385061ea2e992c231be3bfa89749d8ba
- SHA256: 5066abf8a093430b66f0a52f08aef0bb0d2d1100d098f1e8282e3f63c8f15eac
- SHA512: 63a5f41a9b072ebf1fc446106576d87f835832c5c9779ffc56f3f11ca46db1db9ab59786036cfbbe004a41d8f26755a46b4338e5b4f19f26136c2148d2b903ce
- SSDEEP: 98304:XVMn+wM3000DHEMkQkTRSk1Ug+uaVfQ6ab6b+f:X+n+wm0PNkkuahGby
Behavioral task
- behavioral1
- Sample: 8f843c6cf42e4d4daa1d73f3bfda1394_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
- Guest16
- cometa.no-ip.info:1604
- DC_MUTEX-42DMZQ9
- InstallPath: MSDCSC\msdcsc.exe
- gencode: G2idcVn9ijrC
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Modifies WinLogon for persistence
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)