General
-
Target
d385e227d4ea2c72930ea472d89619b2_JaffaCakes118
-
Size
976KB
-
Sample
241207-zf6m4ssncv
-
MD5
d385e227d4ea2c72930ea472d89619b2
-
SHA1
1abc99de85193f01da5c98827c166c57392f78a5
-
SHA256
8e253716ab5ef33e07f2a2b922d2d820e84f2bdfa714e20601892baebddb2783
-
SHA512
76b4fc960c44b79187cd49417b77964d0366693efb6e15eb00d4a1befe380886d8a3b979496fe0f180432d670f9cecf28fd4e7d16a87ef7810cf1ba4afca8d45
-
SSDEEP
24576:7BgymA1F+WX8vXluMPVlj+ngLNwTmJM8Db5iivU:Z1p8ASUmS8ZY
Static task
static1
Behavioral task
behavioral1
Sample
d385e227d4ea2c72930ea472d89619b2_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
d385e227d4ea2c72930ea472d89619b2_JaffaCakes118
-
Size
976KB
-
MD5
d385e227d4ea2c72930ea472d89619b2
-
SHA1
1abc99de85193f01da5c98827c166c57392f78a5
-
SHA256
8e253716ab5ef33e07f2a2b922d2d820e84f2bdfa714e20601892baebddb2783
-
SHA512
76b4fc960c44b79187cd49417b77964d0366693efb6e15eb00d4a1befe380886d8a3b979496fe0f180432d670f9cecf28fd4e7d16a87ef7810cf1ba4afca8d45
-
SSDEEP
24576:7BgymA1F+WX8vXluMPVlj+ngLNwTmJM8Db5iivU:Z1p8ASUmS8ZY
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3