General
Target: e61acbbe8d56d25353e59ad455fc2d0f_JaffaCakes118
Size: 703KB
Sample: 241212-nacx3atrbj
MD5: e61acbbe8d56d25353e59ad455fc2d0f
SHA1: 8a1732f7181c45cec4392dbe6ec8bac518fa8e75
SHA256: d2fae7ef9a11f7775d69a40f704e276966680da6f3789a5babfcd18fd943529a
SHA512: 12027b8eb60c647c2a560980c2c7cca96c65991593563af321a1dae0351b42d733f6fda68cd0fc050e4c06dfbae9480a78d1778dc725b390a58b032d87785969
SSDEEP: 12288:o1iq/ujdrDqfnDqPoM7yowPeLddpSa/M4bkFzK/igahDyXhGr76:o1A4f4+owyO4AFzbBhuX06
Static task: static1
Behavioral task: behavioral1
  Sample: e61acbbe8d56d25353e59ad455fc2d0f_JaffaCakes118.exe
  Resource: win7-20241010-en
Malware Config
Targets
Target: e61acbbe8d56d25353e59ad455fc2d0f_JaffaCakes118 (703KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- DarkComet family
- Modifies WinLogon for persistence
  Changing the Winlogon Userinit or Shell values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon makes the planted executable launch at every interactive logon (ATT&CK T1547.004). On a stock install Userinit is "C:\Windows\system32\userinit.exe," and Shell is "explorer.exe"; any additional comma-separated entry is a finding.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. The usual targets are the HKLM\HARDWARE\DESCRIPTION\System\BIOS values (SystemManufacturer, SystemProductName) and the SystemBiosVersion / VideoBiosVersion values, which on an unhardened sandbox name the hypervisor (VMware, VirtualBox, QEMU, Xen). Note that Sysmon's registry events record key and value writes, not reads, so this behaviour is only visible to API-level monitoring such as the behavioral task here.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  A value under a Run or RunOnce key (HKLM or HKCU ...\Software\Microsoft\Windows\CurrentVersion\Run) starts the application at user logon (ATT&CK T1547.001).
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  SetThreadContext is typically used to redirect a suspended thread's instruction pointer into code written into another process, a step in process hollowing and related injection techniques; legitimate software rarely calls it on a freshly created, suspended process.
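The two registry-based persistence signatures above (Winlogon modification and Run key addition) are the ones an analyst can hunt for on endpoints with ordinary registry-write telemetry. The following is an added example, not part of the sandbox report and not this sample's own data: it classifies Sysmon-style "Registry value set" (Event ID 13) records by comparing Winlogon Userinit/Shell against their stock defaults and flagging Run/RunOnce writes, with extra weight when the written path lives in a user-writable directory. The event lines, the `k=v|k=v` record layout and all file paths are constructed for illustration.

```python
"""Hunt Sysmon-style Event ID 13 (registry value set) records for the
Winlogon and Run-key persistence signatures listed above.

Added example; the record format below is a simplified 'k=v|k=v'
flattening of Sysmon's Image / TargetObject / Details fields, and the
sample events are constructed, not taken from this sample's run.
"""
import re

# Winlogon key and its stock values (normalized: lowercase, no trailing comma).
WINLOGON_KEY = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}
# Run / RunOnce / policy Run keys under HKLM or any HKU hive.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\"
    r"(run|runonce|policies\\explorer\\run)\\", re.I)
# Locations a non-admin process can write to; a Run entry pointing here is
# far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(appdata|temp|programdata|users\\[^\\]+\\downloads)\\", re.I)

# Constructed events (not real telemetry): two benign writes, then a
# Userinit tamper, a Shell tamper and a Run-key addition by the same image.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|Details=C:\Windows\system32\userinit.exe,",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|Details=C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\svc\update.exe",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details=explorer.exe,C:\Users\user\AppData\Roaming\svc\update.exe",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\user\AppData\Roaming\svc\update.exe",
]


def parse_event(line):
    """Split one 'k=v|k=v' record into a dict (first '=' separates key and value)."""
    return dict(field.split("=", 1) for field in line.split("|"))


def _entries(details):
    """Comma-separated registry value -> set of normalized, non-empty entries."""
    return {e.strip().lower() for e in details.split(",") if e.strip()}


def classify(event):
    """Return a list of findings (possibly empty) for a single parsed event."""
    findings = []
    if event.get("EventID") != "13":
        return findings
    target = event["TargetObject"]
    image = event.get("Image", "")
    key, _, value_name = target.rpartition("\\")
    name = value_name.lower()

    if key.lower() == WINLOGON_KEY and name in WINLOGON_DEFAULTS:
        # Anything beyond the stock entry is an appended loader.
        extra = _entries(event["Details"]) - WINLOGON_DEFAULTS[name]
        if extra:
            findings.append({
                "signature": "Modifies WinLogon for persistence",
                "technique": "T1547.004",
                "image": image,
                "evidence": f"{value_name} gained {sorted(extra)}",
            })
    elif RUN_KEY_RE.search(target):
        findings.append({
            "signature": "Adds Run key to start application",
            "technique": "T1547.001",
            "image": image,
            "evidence": f"{value_name} -> {event['Details']}",
            # Run entries are common; escalate when the target is user-writable.
            "suspicious_path": bool(USER_WRITABLE_RE.search(event["Details"])),
        })
    return findings


def hunt(lines):
    """Classify every record and return all findings in input order."""
    findings = []
    for line in lines:
        findings.extend(classify(parse_event(line)))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['signature']}: {f['image']} :: {f['evidence']}")
```

Against the constructed events the two benign writes produce nothing, while the three writes by `sample.exe` yield one T1547.004 finding each for Userinit and Shell and one T1547.001 finding for the Run key, the latter marked suspicious because it points into AppData. The Userinit comparison deliberately tolerates the trailing comma Windows leaves on the default value, so a tool that merely rewrites the default is not flagged.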
MITRE ATT&CK Enterprise v15 (numbers in brackets are the report's signature counts per technique)

Persistence
- Boot or Logon Autostart Execution (T1547) [2]
  - Registry Run Keys / Startup Folder (T1547.001) [1]
  - Winlogon Helper DLL (T1547.004) [1]
Privilege Escalation
- Boot or Logon Autostart Execution (T1547) [2]
  - Registry Run Keys / Startup Folder (T1547.001) [1]
  - Winlogon Helper DLL (T1547.004) [1]
Credential Access
- Credentials from Password Stores (T1555) [1]
  - Credentials from Web Browsers (T1555.003) [1]
- Unsecured Credentials (T1552) [1]
  - Credentials In Files (T1552.001) [1]