General
- Target: e516dbf12f1aa8136f1b3463f544191c_JaffaCakes118
- Size: 719KB
- Sample: 241212-g4tdksxmgk
- MD5: e516dbf12f1aa8136f1b3463f544191c
- SHA1: 544c5c5e5f867354509f1f4b072e487a7f3198a9
- SHA256: 497d9334bc0bbbbc975d0d5bce327738f9ac23dc65b9599655217d2c3c0a9149
- SHA512: a50028c75acd2df3848a673f7c44b77679fb0dc811edfa99674992915fb6e0518e4388f8d283622063db322fc93b26921068d279a546cdc7f1201328f6751311
- SSDEEP: 12288:tpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIb:PwAcu99lPzvxP+Bsz2XjWTRMQckkIb
Behavioral task: behavioral1
- Sample: e516dbf12f1aa8136f1b3463f544191c_JaffaCakes118.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: e516dbf12f1aa8136f1b3463f544191c_JaffaCakes118 (same sample as listed under General above)
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (4)