General
-
Target
00e1c513568801b979c6422760dc24c4_JaffaCakes118
-
Size
284KB
-
Sample
240622-czf58stckd
-
MD5
00e1c513568801b979c6422760dc24c4
-
SHA1
e0702999b9a8e015a8199d589503ca513dbd49d2
-
SHA256
e7c71130ff3dfe76f773b2db8545ea308a8f7867b79b45193b495451e00650da
-
SHA512
1b256bb70558545f0b4c114b5b7aaf84d0901a40d3a95920dbd01eed8986d84e1158450798bdd04d417d6b35d7d6421b1e92d630f5fc6e5923089047e066a5a0
-
SSDEEP
6144:oBJVqu5jxRl+t6Ge0qw0kw9+Ks9a8/7z6lneh4/drl:otqwjxRl+t6GfL7zcrlrl
Behavioral task
behavioral1
Sample
00e1c513568801b979c6422760dc24c4_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
darkcomet
Guest16
abogaism1.zapto.org:1604
DC_MUTEX-F54S21D
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
MTAitXUedNW6
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
00e1c513568801b979c6422760dc24c4_JaffaCakes118
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-