General
Target: d07bcdb36f35bf24e342d79b283d4736_JaffaCakes118
Size: 757KB
Sample: 241207-d76xasznhp
MD5: d07bcdb36f35bf24e342d79b283d4736
SHA1: 86846508139a6cc8c576cd10f86bda2096e6048e
SHA256: e7813efc004e1fe87183364305a71cf4e71a4982d9c9db256e832d9ae33f5cdb
SHA512: 5f3e1449187497264f7ba726887141af7a66aa63676f17229212e79c0b15959016f1917ab9c0dca80df0d61e9dee3bfe63372e8911edb4bcb31d9b6d2a34f6ee
SSDEEP: 12288:x9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKUG:HAQ6Zx9cxTmOrucTIEFSpOG8
Behavioral task
behavioral1
Sample: d07bcdb36f35bf24e342d79b283d4736_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: d07bcdb36f35bf24e342d79b283d4736_JaffaCakes118
Size: 757KB
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (5)