General
- Target: 9529007b60abba98ec81e958389d55c2_JaffaCakes118
- Size: 980KB
- Sample: 240814-jcnp5avdlq
- MD5: 9529007b60abba98ec81e958389d55c2
- SHA1: 60b2736f2cc80d297b5b095ca3aa1ac3d1154221
- SHA256: 5805a4b0fa6f01603413da235f21ac65a1e774986b39e702311283cbd058d52d
- SHA512: 54c8ac45737705ecb094d2a55ffa504e99afad4ec5b4b57809fed7a56b64b373cff5858b4aaf42a6b8ca5e4c25f1a69f5d6e53f8a87c96598c6c60e047a6ed0e
- SSDEEP: 24576:4/tDKfnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfp:4JsELbVMTrOq4
Behavioral task
- behavioral1
  - Sample: 9529007b60abba98ec81e958389d55c2_JaffaCakes118.exe
  - Resource: win7-20240704-en
Malware Config
Extracted: darkcomet (Guest16)
- C2: 174.64.189.203:1337
- Mutex: DC_MUTEX-GQXYBHC
- gencode: o9gtPa3gdZfv
- install: false
- offline_keylogger: true
- persistence: false
Extracted: darkcomet (N00b)
- C2: idaniel.servebeer.com:1245, idaniel.servebeer.com:1244, 127.0.0.1:1244, 127.0.0.1:1245, 75.138.81.18:1245, 75.138.81.18:1244, 192.168.1.104:1244, 192.168.1.104:1245
- Mutex: DC_MUTEX-3W5SST7
- InstallPath: SKYPE\skype.exe
- gencode: uBzz65arFAWd
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 9529007b60abba98ec81e958389d55c2_JaffaCakes118
  - Size: 980KB
  - MD5: 9529007b60abba98ec81e958389d55c2
  - SHA1: 60b2736f2cc80d297b5b095ca3aa1ac3d1154221
  - SHA256: 5805a4b0fa6f01603413da235f21ac65a1e774986b39e702311283cbd058d52d
  - SHA512: 54c8ac45737705ecb094d2a55ffa504e99afad4ec5b4b57809fed7a56b64b373cff5858b4aaf42a6b8ca5e4c25f1a69f5d6e53f8a87c96598c6c60e047a6ed0e
  - SSDEEP: 24576:4/tDKfnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfp:4JsELbVMTrOq4
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
- Persistence: Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Privilege Escalation: Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)