General
- Target: 0c5223135705127340de474101377fe5_JaffaCakes118
- Size: 421KB
- Sample: 240621-ryc5hsxgjr
- MD5: 0c5223135705127340de474101377fe5
- SHA1: 985e77a2140c0a550969a852f562d5b3a0ac54fb
- SHA256: 754209056906ab5fb4674fd3c8e40983ed049296caee2c84be14b97d890a73c7
- SHA512: 19919f2f3bc14eec61169305093af95d45719a80b3bef49310432897fa62bdb9ef5f17495183583e3c7a21c4e15b4e7a3340442f26064768da2ab8c3eaea4319
- SSDEEP: 6144:PMg79ZIqzIKS6FiBxZJ0w1lSWdWIYhwYS8df0eiHvPiiUQ:PMg7wqli7zLXSVIYhwYS8diii
Behavioral task
behavioral1
- Sample: 0c5223135705127340de474101377fe5_JaffaCakes118.exe
- Resource: win7-20240508-en
Malware Config
Extracted
darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false
Extracted
darkcomet
Guest16
kaanzy.no-ip.biz:81
DC_MUTEX-K4YR9XA
- InstallPath: MSDCSC\msdcsc.exe
- gencode: xy82A9W0TQCa
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 0c5223135705127340de474101377fe5_JaffaCakes118
- Size: 421KB
- MD5: 0c5223135705127340de474101377fe5
- SHA1: 985e77a2140c0a550969a852f562d5b3a0ac54fb
- SHA256: 754209056906ab5fb4674fd3c8e40983ed049296caee2c84be14b97d890a73c7
- SHA512: 19919f2f3bc14eec61169305093af95d45719a80b3bef49310432897fa62bdb9ef5f17495183583e3c7a21c4e15b4e7a3340442f26064768da2ab8c3eaea4319
- SSDEEP: 6144:PMg79ZIqzIKS6FiBxZJ0w1lSWdWIYhwYS8df0eiHvPiiUQ:PMg7wqli7zLXSVIYhwYS8diii
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext