General
- Target: 9aad53c1816a10d9875822406fba4ad6_JaffaCakes118
- Size: 3.5MB
- Sample: 240815-tgde3azgph
- MD5: 9aad53c1816a10d9875822406fba4ad6
- SHA1: 48249d79171c92eeff1c12eca76e89768f98aaad
- SHA256: 0e9372b0f783ab0f317fa2922b3441e823fd392c18373fd5f6adeadcd44645f7
- SHA512: c34c65a0687bd46620e74d20271c353bff1f6bbc80df25bfa2a1fe5aed48a95f4e79fe9594ae37572e5d71485e49b014e6b237e9c6843e11b7887b6c588bcad3
- SSDEEP: 98304:pvT2uWHkuIBKGMzkj455yEjYOpCmtyFq1:pvToHkuIIj04GE1p3kF
Behavioral task
- behavioral1
- Sample: 9aad53c1816a10d9875822406fba4ad6_JaffaCakes118.exe
- Resource: win7-20240729-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: love88.no-ip.biz:1604
- Mutex: DC_MUTEX-5TQYMKP
- InstallPath: MSDCSC\msdcsc.exe
- gencode: 0gYS03wEsF8t
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 9aad53c1816a10d9875822406fba4ad6_JaffaCakes118
- Modifies WinLogon for persistence
- Executes dropped EXE
- Identifies Wine through registry keys (Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)