General
- Target: f3bb0940df959bbc72af7c733a7e4c6f_JaffaCakes118
- Size: 344KB
- Sample: 241215-na9xsssldw
- MD5: f3bb0940df959bbc72af7c733a7e4c6f
- SHA1: c7189227a418e20c15af80dca66b114fc7c52b8f
- SHA256: b9d2b92a14eeb07b5a4b283b74853085569036e22bc1a18807c781e7576c83ab
- SHA512: 97226a3d3cd140ca59a4a99c0cb2ba7c44a0970d960d53c7440e4e122ab1d6235279542f2a17f90bcc16e60310b579e61d0fa7553689f3bb310ec6b27ba943d2
- SSDEEP: 6144:hMggLtESuJHedbXFN+xTHkPgVSf1wEC2GYOf71smQcV9U:hMjLtExRedbXFYIvfbyYshsn
Behavioral task: behavioral1
- Sample: f3bb0940df959bbc72af7c733a7e4c6f_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: f3bb0940df959bbc72af7c733a7e4c6f_JaffaCakes118 (344KB; same hashes as listed under General)
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (2)