General
Target: 98b7fd0528de9b2c632ac6f4e8a6116f_JaffaCakes118
Size: 279KB
Sample: 240815-dtz7lasaqh
MD5: 98b7fd0528de9b2c632ac6f4e8a6116f
SHA1: 61a7dbc20aca7b24153882b7a8cd2dbef16f8ed1
SHA256: 79b53cdf26a1ab0937017ab940fa0c1007a974cf9ab90dc4ec9fac5a6536feaf
SHA512: d2a165350e5bdb7d9fd01c0504451702a2c3d841898f10cc3a7054b25664a071631913ae577c28879499a8b6e99dd669d9273d1b6d8ef5628617e1003bed2855
SSDEEP: 6144:woMUmoD2qJqFMw+iz3Wygrfa/OONKDKjz+kBSsGEeHzAeKHrXElCEXpb:wohfwFMwbzGbri/BKDtkQEeHzoLrEX
Static task: static1
Behavioral task: behavioral1
Sample: 98b7fd0528de9b2c632ac6f4e8a6116f_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: smr9.no-ip.org:1604
Mutex: DC_MUTEX-NJSZLY8
Attributes:
- InstallPath: MSDCSC\lsass.exe
- gencode: 6xtSkc229rlk
- install: true
- offline_keylogger: false
- password: 123456
- persistence: true
- reg_key: lsass.exe
Targets
Target: 98b7fd0528de9b2c632ac6f4e8a6116f_JaffaCakes118 (279KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)