General
-
Target
043c80718da3e9d189d54e4a308e1cdc_JaffaCakes118
-
Size
346KB
-
Sample
240622-2ry4hsscqj
-
MD5
043c80718da3e9d189d54e4a308e1cdc
-
SHA1
b30a15110935e0055bb5e9d2315b550a7f301f23
-
SHA256
ee2838108da1433383db64796eff9ea971777941028b3b7d550b27f5e3595399
-
SHA512
2eb9748acb52cf808ba29bc13ad8116be01b1bacbbe88573a706239e83592c3f697d136528ff506081bf32520e377823aac7c74e24621e44d809e4796278c7ea
-
SSDEEP
6144:ElYqab9Yni054fcT0TJE8c4kp8nIfrriLDuLaXTV/9Tx4nt2NanqH7fEFfIBLgj:EG0nis4fnKZPp8IfviLDeaxoUES
Static task
static1
Behavioral task
behavioral1
Sample
043c80718da3e9d189d54e4a308e1cdc_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
darkcomet
Guest16
smr9.no-ip.org:1604
DC_MUTEX-FTS535R
-
InstallPath
MSDCSC\lsass.exe
-
gencode
FYP5R0KrQklH
-
install
true
-
offline_keylogger
false
-
password
123456
-
persistence
true
-
reg_key
lsass.exe
Targets
-
-
Target
043c80718da3e9d189d54e4a308e1cdc_JaffaCakes118
-
Size
346KB
-
MD5
043c80718da3e9d189d54e4a308e1cdc
-
SHA1
b30a15110935e0055bb5e9d2315b550a7f301f23
-
SHA256
ee2838108da1433383db64796eff9ea971777941028b3b7d550b27f5e3595399
-
SHA512
2eb9748acb52cf808ba29bc13ad8116be01b1bacbbe88573a706239e83592c3f697d136528ff506081bf32520e377823aac7c74e24621e44d809e4796278c7ea
-
SSDEEP
6144:ElYqab9Yni054fcT0TJE8c4kp8nIfrriLDuLaXTV/9Tx4nt2NanqH7fEFfIBLgj:EG0nis4fnKZPp8IfviLDeaxoUES
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-