General
-
Target
0919b6a41b7255553db07dc927daef4d_JaffaCakes118
-
Size
1.3MB
-
Sample
240624-rzl4ta1ajn
-
MD5
0919b6a41b7255553db07dc927daef4d
-
SHA1
947884655361f69d6b99443f43d3819f9b08d1f1
-
SHA256
42c50b12f51d8024e8ff95635987c4762de53e13c9751d2309564caa5d3e7ed5
-
SHA512
a0c9c048c6e55d9961991eb6c63728c77c57e78908899639bce0550e4cd66b4528d54dedd2895e610b2e03f22bfcae3705043307ef3ddc6ee6d568797c2032d1
-
SSDEEP
24576:/YsCJfxcd42BIjFnd3gwU7Ze0Hmt9rgv8Ku6I6sL9NVuJb9ZK:/YpyOZxlKuacqo
Static task
static1
Behavioral task
behavioral1
Sample
0919b6a41b7255553db07dc927daef4d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0919b6a41b7255553db07dc927daef4d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
darkcomet
Guest16
meisam.no-ip.info:1604
meisam.no-ip.info:1605
meisam.no-ip.info:1606
DC_MUTEX-C19NEME
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
eXUyCaLA1jUs
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
Target
0919b6a41b7255553db07dc927daef4d_JaffaCakes118
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-