General

Target: 942a036d89adc9c5be8e7b3f5c9539e1_JaffaCakes118
Size: 724KB
Sample: 240813-wnsvfaybja
MD5: 942a036d89adc9c5be8e7b3f5c9539e1
SHA1: dd02be7aee2b4586ecb9c8fc11b4b81e2c504e76
SHA256: ee4e81f41e6e2aa027fad06d0186eb3783445e36043c6f4d6d427526b0c2d717
SHA512: 4f640066b909910cbc99440edd7fd7b406c9777c0e6a2d0d732a5173424b95c2e16fca3fe66982813fb8d7176b9823068618de97d33a81c597c794f12b9bb9d8
SSDEEP: 12288:jjo5Ef0afX7IIpRVefojv1g3+jps0c53f5hrgxo1u+B:jXf08RJpgu4f4eou
Static task: static1
Behavioral task: behavioral1
  Sample: 942a036d89adc9c5be8e7b3f5c9539e1_JaffaCakes118.exe
  Resource: win7-20240729-en
Malware Config

Extracted
Family: darkcomet
Botnet: Guest16
C2: mohamedmmk.zapto.org:82
Mutex: DC_MUTEX-L1KB0QQ
InstallPath: MSDCSC\msdcsc.exe
gencode: LN0J2LLsllhH
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Notes on the extracted values: Guest16 is DarkComet's default campaign (SID) name, so the operator did not rename the build; the C2 is a No-IP dynamic-DNS host (zapto.org) on non-standard port 82, and the mutex name follows the DC_MUTEX- prefix that DarkComet builds use. The persistence: false flag refers to DarkComet's own persistence/watchdog option; it does not mean the sample installs no autostart, and the behavioral signatures below show both a Run key and a Winlogon modification being written. reg_key is the Run-key value name (MicroUpdate) and InstallPath the relative path of the dropped copy (MSDCSC\msdcsc.exe), so these two strings are the first host indicators to pivot on.
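How a configuration like the one above is recovered from a DarkComet 5.x build, as an added example that is neither the sandbox's extractor nor code from the sample: DarkComet keeps its settings as a hex-encoded RC4 ciphertext in a DCDATA resource, keyed by a version-specific string, and the plaintext is a line-oriented KEY={value} list between BEGIN/EOF markers. The key strings, the raw field names (SID, NETDATA, MUTEX, EDTPATH, KEYNAME, PERSINST, OFFLINEK and so on) and their mapping to the report's field names follow public DarkComet write-ups and are assumptions here; the hex blob in the block is constructed by encrypting a config that mirrors this page's values, not bytes from the analysed file.

```python
"""Decrypt and parse a DarkComet 5.x config blob (added example).

Assumptions, labelled: RC4 keys per version and the raw config field names
are those reported in public DarkComet analyses; SAMPLE_HEX is CONSTRUCTED by
encrypting a config mirroring the report's values, not taken from the sample.
"""
import binascii

# Assumed per-version RC4 keys for the DCDATA resource (public write-ups).
DARKCOMET_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2": b"#KCMDDC42F#-890",
}

# Raw DarkComet config keys -> field names used in the report above (assumed mapping).
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "EDTPATH": "InstallPath",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
    "KEYNAME": "reg_key",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(hex_blob: str, version: str = "5.1") -> str:
    """Hex-decode the resource and RC4-decrypt it with the key for `version`."""
    return rc4(DARKCOMET_KEYS[version], binascii.unhexlify(hex_blob)).decode("latin-1")


def try_all_versions(hex_blob: str):
    """Try each known key; the correct one reveals the BEGIN marker in plaintext."""
    raw = binascii.unhexlify(hex_blob)
    for version, key in DARKCOMET_KEYS.items():
        pt = rc4(key, raw).decode("latin-1", "replace")
        if "#BEGIN DARKCOMET DATA" in pt:
            return version, pt
    return None, None


def parse_config(plaintext: str) -> dict:
    """Parse KEY={value} lines, skipping the #BEGIN / #EOF marker lines."""
    cfg = {}
    for line in plaintext.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1]
        cfg[key] = value
    return cfg


def to_report_fields(cfg: dict) -> dict:
    """Rename raw keys to the report's names and turn "0"/"1" flags into booleans."""
    out = {}
    for raw, name in FIELD_MAP.items():
        if raw in cfg:
            v = cfg[raw]
            out[name] = (v == "1") if v in ("0", "1") else v
    return out


# CONSTRUCTED sample: a config mirroring the report's values, RC4-encrypted with the 5.1 key.
_SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-L1KB0QQ}\r\n"
    "SID={Guest16}\r\n"
    "NETDATA={mohamedmmk.zapto.org:82}\r\n"
    "GENCODE={LN0J2LLsllhH}\r\n"
    "INSTALL={1}\r\n"
    "COMBOPATH={%MyDocuments%}\r\n"  # assumed base folder; not stated in the report
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={0}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_HEX = binascii.hexlify(rc4(DARKCOMET_KEYS["5.1"], _SAMPLE_PLAINTEXT.encode())).decode()

if __name__ == "__main__":
    version, pt = try_all_versions(SAMPLE_HEX)
    print(version, to_report_fields(parse_config(pt)))
```

On a real file you would read the DCDATA resource (for example with pefile) and pass its hex string to try_all_versions; the marker check is what tells you which build key applies.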
Targets

Target: 942a036d89adc9c5be8e7b3f5c9539e1_JaffaCakes118
Size: 724KB
Hashes: as listed in the General section above (same file, run as 942a036d89adc9c5be8e7b3f5c9539e1_JaffaCakes118.exe in behavioral1)
Signatures

- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (execution gated on the victim's locale).
- Executes dropped EXE (the copy written to the InstallPath above)
- Loads dropped DLL
- Adds Run key to start application (the reg_key value name from the extracted config)
- Suspicious use of SetThreadContext (an API commonly seen when a process is hollowed or code is injected into a suspended thread)
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1

The counts are the number of matching signatures per technique; the same two autostart findings are mapped under both tactics because T1547 is listed by ATT&CK as both a persistence and a privilege-escalation technique.
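A host-side hunt for the two autostart techniques mapped above (Run key, Winlogon helper), as an added example that is not part of the report: it parses a reg export style text and flags any Run-key value named after the extracted reg_key or pointing at the InstallPath, and any Winlogon Userinit or Shell value that deviates from the stock value. The .reg text, the user-profile paths in it, and the choice of Userinit/Shell as the modified Winlogon values are assumptions (the report only states that Winlogon was modified).

```python
"""Hunt a registry export for DarkComet-style autostart entries (added example).

Assumptions, labelled: SAMPLE_REG is CONSTRUCTED to resemble an infected host
using the report's reg_key and InstallPath; Userinit/Shell are assumed to be
the Winlogon values touched, since the report only says Winlogon was modified.
"""
import re

# Pivot values taken from the extracted config in the report above.
REG_KEY_NAME = "MicroUpdate"
INSTALL_PATH_SUFFIX = r"MSDCSC\msdcsc.exe"

RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values; anything appended after them is a helper hijack (T1547.004).
WINLOGON_BASELINE = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}


def parse_reg_export(text: str) -> dict:
    """Parse the subset of .reg syntax `reg export` emits: [key] headers and
    "name"="string" lines (REG_SZ only). Returns {key: {name: value}}."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
        elif current and line.startswith('"'):
            m = re.match(r'"(.*?)"="(.*)"$', line)
            if m:
                # .reg files escape backslashes; undo that for path comparison.
                tree[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return tree


def hunt(tree: dict) -> list:
    """Return (technique_id, detail) findings for Run-key and Winlogon autostarts."""
    findings = []
    for key in RUN_KEYS:
        for name, value in tree.get(key, {}).items():
            if name.lower() == REG_KEY_NAME.lower() or value.lower().endswith(INSTALL_PATH_SUFFIX.lower()):
                findings.append(("T1547.001", f"{key}\\{name} -> {value}"))
    winlogon = tree.get(WINLOGON, {})
    for name, clean in WINLOGON_BASELINE.items():
        value = winlogon.get(name)
        if value is not None and value.lower().rstrip(",") != clean.lower().rstrip(","):
            findings.append(("T1547.004", f"{WINLOGON}\\{name} -> {value}"))
    return findings


# CONSTRUCTED export: one benign Run entry, the DarkComet Run entry, and a
# Userinit value with the dropped binary appended after the stock userinit.exe.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MicroUpdate"="C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"
'''

if __name__ == "__main__":
    for technique, detail in hunt(parse_reg_export(SAMPLE_REG)):
        print(technique, detail)
```

The name-or-path match on the Run key matters because the operator can rename the value (reg_key) without changing the drop location, and vice versa; the Winlogon check compares against the stock value rather than searching for msdcsc.exe, so it also catches a renamed helper.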