General
-
Target
f41ef2560568dbf67275f96faf20091f_JaffaCakes118
-
Size
1.1MB
-
Sample
241215-p8qggswqbm
-
MD5
f41ef2560568dbf67275f96faf20091f
-
SHA1
4c14b89ad8e17a2122f4e75e25b4aff1402d7a6c
-
SHA256
e4165826c92dbf49de83364b1e148d71e56b3fa286ece7c666c4f375291ba2ae
-
SHA512
f91835fef1fe879f0f4e6046a89660d7b675d4a37156ecf6e0983fb145587bf3ef331267e8be7f6eae49259c23daafbc89a35dd5b15925460934a278a0b38626
-
SSDEEP
24576:GdlOOwjvfY1jXUJt/tn5qA8ls+F3TFcm7zDYvmVPflzaWH3IfUhlk/:GbwjnOXuFn5qhls+JTFb7BXlmWH34Uhy
Static task
static1
Behavioral task
behavioral1
Sample
f41ef2560568dbf67275f96faf20091f_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f41ef2560568dbf67275f96faf20091f_JaffaCakes118
-
Size
1.1MB
-
MD5
f41ef2560568dbf67275f96faf20091f
-
SHA1
4c14b89ad8e17a2122f4e75e25b4aff1402d7a6c
-
SHA256
e4165826c92dbf49de83364b1e148d71e56b3fa286ece7c666c4f375291ba2ae
-
SHA512
f91835fef1fe879f0f4e6046a89660d7b675d4a37156ecf6e0983fb145587bf3ef331267e8be7f6eae49259c23daafbc89a35dd5b15925460934a278a0b38626
-
SSDEEP
24576:GdlOOwjvfY1jXUJt/tn5qA8ls+F3TFcm7zDYvmVPflzaWH3IfUhlk/:GbwjnOXuFn5qhls+JTFb7BXlmWH34Uhy
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
6