General
Target: 0438b81ee3750308f9f569d031c21643_JaffaCakes118
Size: 263KB
Sample: 240622-2py1qssbrm
MD5: 0438b81ee3750308f9f569d031c21643
SHA1: d89cc337a1fc42612c6f8bbadd3e7710ad59defe
SHA256: 542c5c49bcadb7fa60ff96f55b43dc40638cb8b30de7fa61fc309085ae5a45bc
SHA512: 5347343b9f18e64f67332925640884c458b01d41afb86e391355722ea7c8200c337211fae48008012a6c08aa114eca8ebaef8d72780060cac033514b16352969
SSDEEP: 6144:ZUec+feYbi8H/z/Z3wqD5PaSjMHOOcBsl+jbPGCh:ZUexxdH7R53jhOdMbPG
Behavioral task
Task: behavioral1
Sample: 0438b81ee3750308f9f569d031c21643_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2: smr9.no-ip.org:1604
Mutex: DC_MUTEX-FTS535R
InstallPath: MSDCSC\lsass.exe
gencode: FYP5R0KrQklH
install: true
offline_keylogger: false
password: 123456
persistence: true
reg_key: lsass.exe
Targets
Target: 0438b81ee3750308f9f569d031c21643_JaffaCakes118 (263KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext