General

Target: 953cac36ad995b544a16b2cf5841f79c_JaffaCakes118
Size: 473KB
Sample: 240814-js2xpa1cqe
MD5: 953cac36ad995b544a16b2cf5841f79c
SHA1: 589c533ce0db568d091ba4ccc86ea25b91e2e3ae
SHA256: 465b041270e4ea001647e4230a269b3eb0670401a9e936317f221c491b1e4bb3
SHA512: 7b1dfc9f266f5385e183f3f18d93ddb8927178a7fef5d261df7b21a81062772ac141e5339f4811e7d8a00d796b585e0a6f97cf06e53bdfeee0077fb723546554
SSDEEP: 12288:Xl8E4w5huat7UovONzbXw6a36ZNg7KbcGLSu/kA:TdhHwNzbX6qZNg7KgGuu
Behavioral task: behavioral1
Sample: 953cac36ad995b544a16b2cf5841f79c_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config

Extracted: darkcomet
gencode:
install: false
offline_keylogger: false
persistence: false

Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/

Extracted: darkcomet
Campaign ID: Guest16
C2: killersmille.no-ip.org:1604
Mutex: DC_MUTEX-F54S21D
InstallPath: MSDCSC\msdcsc.exe
gencode: 0mJUZ3FxjSEM
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets

Target: 953cac36ad995b544a16b2cf5841f79c_JaffaCakes118
Size: 473KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Drops file in Drivers directory
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (counts in parentheses are the number of matching behaviours)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (7)