General
-
Target
d1b3081a636169e5848796b021d3a665_JaffaCakes118
-
Size
742KB
-
Sample
241207-la3sdawlgs
-
MD5
d1b3081a636169e5848796b021d3a665
-
SHA1
c21354fb6d57025cf78858d6f56d7a50070bcc90
-
SHA256
56c74ddbfc9aa198469fb850087f4da61b84a6988b0785cdd77a106126088716
-
SHA512
db10e4e8db2d14c13ec350ae8528462cfdc2df5ac869a439572efaf7e0670563938eca6595ef2cb5bca6147b8bb1693337f3f1ba9122d55b3529de42b24fe3ba
-
SSDEEP
12288:wI7XNvs/CX0dSTw5ROPcE1l3EOwQEtCFCCS9pCc4RUOoOMTozFrx4JLNuUGh2lAY:HvsKX0EwiPcKl3utCFdbcrOoOMarxoc
Static task
static1
Behavioral task
behavioral1
Sample
d1b3081a636169e5848796b021d3a665_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d1b3081a636169e5848796b021d3a665_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d1b3081a636169e5848796b021d3a665_JaffaCakes118
-
Size
742KB
-
MD5
d1b3081a636169e5848796b021d3a665
-
SHA1
c21354fb6d57025cf78858d6f56d7a50070bcc90
-
SHA256
56c74ddbfc9aa198469fb850087f4da61b84a6988b0785cdd77a106126088716
-
SHA512
db10e4e8db2d14c13ec350ae8528462cfdc2df5ac869a439572efaf7e0670563938eca6595ef2cb5bca6147b8bb1693337f3f1ba9122d55b3529de42b24fe3ba
-
SSDEEP
12288:wI7XNvs/CX0dSTw5ROPcE1l3EOwQEtCFCCS9pCc4RUOoOMTozFrx4JLNuUGh2lAY:HvsKX0EwiPcKl3utCFdbcrOoOMarxoc
Score10/10-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1