General
-
Target
f8467042a759d96704fa3a7d7431c81b_JaffaCakes118
-
Size
646KB
-
Sample
241216-ky45nsvjdn
-
MD5
f8467042a759d96704fa3a7d7431c81b
-
SHA1
aa5d4da99373f8b72c36f6c8d4673c007997218f
-
SHA256
451c3d0650fd4c2d6a4d2df2b84d140c6667ce22cc3d5b2e91c85498786beb00
-
SHA512
3c40083de05105cf51913bcf70201be73d984d405819fa4ce1abe9a5656b5a0c917c3bc1479b04e4086acafb4beaf8469884a60cdae5a3e380f7f1b5a6b4a900
-
SSDEEP
12288:48UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixV:RUKoN0bUxgGa/pfBHDb+y1HgZf
Behavioral task
behavioral1
Sample
f8467042a759d96704fa3a7d7431c81b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f8467042a759d96704fa3a7d7431c81b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
f8467042a759d96704fa3a7d7431c81b_JaffaCakes118
-
Size
646KB
-
MD5
f8467042a759d96704fa3a7d7431c81b
-
SHA1
aa5d4da99373f8b72c36f6c8d4673c007997218f
-
SHA256
451c3d0650fd4c2d6a4d2df2b84d140c6667ce22cc3d5b2e91c85498786beb00
-
SHA512
3c40083de05105cf51913bcf70201be73d984d405819fa4ce1abe9a5656b5a0c917c3bc1479b04e4086acafb4beaf8469884a60cdae5a3e380f7f1b5a6b4a900
-
SSDEEP
12288:48UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixV:RUKoN0bUxgGa/pfBHDb+y1HgZf
Score10/10-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1