General
Target: f4630b61a73be4dd2a06cb1daf852ad5_JaffaCakes118
Size: 824KB
Sample: 241215-rmzt5swrez
MD5: f4630b61a73be4dd2a06cb1daf852ad5
SHA1: 2a0d4498c6116f71babdec9b12e66da8e15a7061
SHA256: 9ccd55fbd0fbf72e74d9c4a293a84e91a764cb11835774a32cf7432e1ad58df7
SHA512: 4e3ecd60f7546e97382738a7b4253f015a8aef3492357f0b8b7fc76a69d6f32fab348eda98c9f3a9644a17aaea025564a6e87d27cd419c7dfe857d21918599a7
SSDEEP: 24576:1nuXyIyxS+2UT5G6vDj4Vl1H8Pgrg4yzv2j:1uCzfw8gVLH8PgWE
Static task: static1
Behavioral task: behavioral1
Sample: f4630b61a73be4dd2a06cb1daf852ad5_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: f4630b61a73be4dd2a06cb1daf852ad5_JaffaCakes118
Size: 824KB
MD5: f4630b61a73be4dd2a06cb1daf852ad5
SHA1: 2a0d4498c6116f71babdec9b12e66da8e15a7061
SHA256: 9ccd55fbd0fbf72e74d9c4a293a84e91a764cb11835774a32cf7432e1ad58df7
SHA512: 4e3ecd60f7546e97382738a7b4253f015a8aef3492357f0b8b7fc76a69d6f32fab348eda98c9f3a9644a17aaea025564a6e87d27cd419c7dfe857d21918599a7
SSDEEP: 24576:1nuXyIyxS+2UT5G6vDj4Vl1H8Pgrg4yzv2j:1uCzfw8gVLH8PgWE
- Darkcomet family
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)