General
-
Target
55ef299dc3a3c80f25554923566ac6a0_JaffaCakes118
-
Size
964KB
-
Sample
241018-g5e8casbje
-
MD5
55ef299dc3a3c80f25554923566ac6a0
-
SHA1
55313910c1e6c2c8b9aaf718032abec535827f7b
-
SHA256
b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9
-
SHA512
ecb41fa1838b88205ea28514d2483044e36057a67743e712f8653497e5e24fe56ac9662fd2b05de634eaa945d639cc29e516323e906aff67725420d9800fc557
-
SSDEEP
24576:O/9tT24rAjDLG50Xot0fvF+2rGVvELMR2mA6O:OrUL4taI2O52xL
Behavioral task
behavioral1
Sample
55ef299dc3a3c80f25554923566ac6a0_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
darkcomet
FUD Crypt
wcrat2.no-ip.org:201
DC_MUTEX-F9SVRHH
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
j6CuqwUwAD5D
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
msdcsc.exe
Targets
-
-
Target
55ef299dc3a3c80f25554923566ac6a0_JaffaCakes118
-
Size
964KB
-
MD5
55ef299dc3a3c80f25554923566ac6a0
-
SHA1
55313910c1e6c2c8b9aaf718032abec535827f7b
-
SHA256
b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9
-
SHA512
ecb41fa1838b88205ea28514d2483044e36057a67743e712f8653497e5e24fe56ac9662fd2b05de634eaa945d639cc29e516323e906aff67725420d9800fc557
-
SSDEEP
24576:O/9tT24rAjDLG50Xot0fvF+2rGVvELMR2mA6O:OrUL4taI2O52xL
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1