General
Target: 07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118
Size: 832KB
Sample: 240624-l9qbbsxaqb
MD5: 07e743a748a1bbb51e47e0682b6943ef
SHA1: 57a4417642f65f41c6b70396da8e8e77583e64f3
SHA256: d230c75cac484403eb21527cfb791b0f26bedc51ea31de00c726701d7910930c
SHA512: 4ac1f451dccfd240a5f82f8ab8b6048e1f83961e9b4ec6e2cdd9ea4c9117f207b2fa853b52225c8c530e0c9d5411f08e7ccf56123d98ceb620af5f0b1ed7a43b
SSDEEP: 24576:vO8DaU7loMReFXbjQpy7oGAN4nriXvLAePZl3LH:vraalsFXbjCy7s+ryvX3
Static task: static1
Behavioral task: behavioral1
  Sample: 07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: badrou.no-ip.org:1604, pidrou.no-ip.org:1604, 192.168.0.10:1604
Mutex: DC_MUTEX-9X4GYAK
InstallPath: MSDCSC\msdcsc.exe
gencode: Eb2ew6104y4G
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)