General
Target: 091098436a66412a9324178f7fd2d14e_JaffaCakes118
Size: 748KB
Sample: 240624-rt3vdazgkn
MD5: 091098436a66412a9324178f7fd2d14e
SHA1: 230d0f8fc2091b96f53128c1abb383415bcb8ae6
SHA256: 1974c76dbaedd6e13b0e151e07f8f74782038de4d53262d8c1f3ab4e23c7543f
SHA512: 6a0f589a2b1959f4d997357571be44c43a6c6a815b3b6355836436a44635e1f929dc40d6f88039e27c2059b5ea90feb0ef2264a2042e74779c5f1e19ab9a660e
SSDEEP: 12288:Rk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+pNYl:60QRWoJEfg0oChGdJQbjPbNW5tYeP+Gl
Behavioral task: behavioral1
Sample: 091098436a66412a9324178f7fd2d14e_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 091098436a66412a9324178f7fd2d14e_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: darkcomet
Guest16
ownedandhacker.no-ip.org:1604
DC_MUTEX-EL73KQ1
InstallPath: msdcscupdatesec.exe
gencode: myiVsEqaWd4m
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 091098436a66412a9324178f7fd2d14e_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application