General
-
Target
00dedf9c43fde32d6f9fbbde606d768c_JaffaCakes118
-
Size
658KB
-
Sample
240930-mk1ansvcpf
-
MD5
00dedf9c43fde32d6f9fbbde606d768c
-
SHA1
219472ef5a94f652b967296d9c073f76a3e71b51
-
SHA256
405fda89c000e10b27c126a5ffb4e1d1ce6a4dd80a3f5a2da1fb0a8ddadc7fc2
-
SHA512
c39518ad3e4ced0caade50177db2705a2801a658afd453e730b09b7847cd0520136d0ac8320e67a86854d99b8ca3644e74a120e5aba2f7d1d3dddb87600ea892
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hK:+Z1xuVVjfFoynPaVBUR8f+kN10EB4
Behavioral task
behavioral1
Sample
00dedf9c43fde32d6f9fbbde606d768c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
00dedf9c43fde32d6f9fbbde606d768c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
darkcomet
Guest16_min
adnan.no-ip.org:1604
DCMIN_MUTEX-WWB71BG
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
c0bAVg01suzC
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
dvc
Targets
-
-
Target
00dedf9c43fde32d6f9fbbde606d768c_JaffaCakes118
-
Size
658KB
-
MD5
00dedf9c43fde32d6f9fbbde606d768c
-
SHA1
219472ef5a94f652b967296d9c073f76a3e71b51
-
SHA256
405fda89c000e10b27c126a5ffb4e1d1ce6a4dd80a3f5a2da1fb0a8ddadc7fc2
-
SHA512
c39518ad3e4ced0caade50177db2705a2801a658afd453e730b09b7847cd0520136d0ac8320e67a86854d99b8ca3644e74a120e5aba2f7d1d3dddb87600ea892
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hK:+Z1xuVVjfFoynPaVBUR8f+kN10EB4
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1