General
-
Target
d72d4fa102e2e46cc1a3153f68eae4f7_JaffaCakes118
-
Size
812KB
-
Sample
241208-qasdvsyqcq
-
MD5
d72d4fa102e2e46cc1a3153f68eae4f7
-
SHA1
a43588d0cf65fe5a1c18edd8223485d0f9d093f2
-
SHA256
c961504e0161888d7a137cc6ff8a609c8477711b5e6c70614867345a91184451
-
SHA512
a6a6370cb3f602b52213aa8cc6e6f919e507190436611c25806909b28cb2b1925ce190a8945d3973a7bc353c39387b3d013ed0ffb7665e17106f30a066ef2ba5
-
SSDEEP
12288:kaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdT:VAEENIq8XwyVPQclDq/+WnpsS
Behavioral task
behavioral1
Sample
d72d4fa102e2e46cc1a3153f68eae4f7_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Targets
-
-
Target
d72d4fa102e2e46cc1a3153f68eae4f7_JaffaCakes118
-
Size
812KB
-
MD5
d72d4fa102e2e46cc1a3153f68eae4f7
-
SHA1
a43588d0cf65fe5a1c18edd8223485d0f9d093f2
-
SHA256
c961504e0161888d7a137cc6ff8a609c8477711b5e6c70614867345a91184451
-
SHA512
a6a6370cb3f602b52213aa8cc6e6f919e507190436611c25806909b28cb2b1925ce190a8945d3973a7bc353c39387b3d013ed0ffb7665e17106f30a066ef2ba5
-
SSDEEP
12288:kaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdT:VAEENIq8XwyVPQclDq/+WnpsS
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies security service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1