General
-
Target
f1fba390156ecf5fd54a788ce6014017_JaffaCakes118
-
Size
443KB
-
Sample
241215-dj6avstpdr
-
MD5
f1fba390156ecf5fd54a788ce6014017
-
SHA1
52f0f84f2a3c3e749a748a2a3e5532eff7500463
-
SHA256
f004d8af06d317be8c725af9f0a0b07ad8e7232da8d96d95e773b8e28e6acfec
-
SHA512
b4c91fffcb0d88012799b6f880cfe2ee82b2a632cab0370285a6751b0df4ab3bbd67fa8c588689ab01f65250a9e45074ad7bb411ec5deee26e66eeac31ab041d
-
SSDEEP
6144:0CJUBApDw9gDsBhMKA72UYI1W82cODU/3SZwmLRlHzX5ljFJlh2t:0ZBMDw9RBaKcXsinq/lZ32t
Static task
static1
Behavioral task
behavioral1
Sample
f1fba390156ecf5fd54a788ce6014017_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f1fba390156ecf5fd54a788ce6014017_JaffaCakes118
-
Size
443KB
-
MD5
f1fba390156ecf5fd54a788ce6014017
-
SHA1
52f0f84f2a3c3e749a748a2a3e5532eff7500463
-
SHA256
f004d8af06d317be8c725af9f0a0b07ad8e7232da8d96d95e773b8e28e6acfec
-
SHA512
b4c91fffcb0d88012799b6f880cfe2ee82b2a632cab0370285a6751b0df4ab3bbd67fa8c588689ab01f65250a9e45074ad7bb411ec5deee26e66eeac31ab041d
-
SSDEEP
6144:0CJUBApDw9gDsBhMKA72UYI1W82cODU/3SZwmLRlHzX5ljFJlh2t:0ZBMDw9RBaKcXsinq/lZ32t
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2