General
Target: 102d6b79c2ff2f8a1bd160b965490d9c_JaffaCakes118
Size: 650KB
Sample: 240626-bcdadsxdmk
MD5: 102d6b79c2ff2f8a1bd160b965490d9c
SHA1: 8b6e1ec317f027d002ed2d0fdace097b454cb8b6
SHA256: cab888f666b39e040043d22f85253e6789e1342ab4a6daf2c3963111c98cda3b
SHA512: a1fce383a3498332ad7857588f83eec4a5936646f1a7dd18c424d6ae0a1429e1f4777e33e5bcdfe0443bbd572533e4d2f90cc575df9a25ebf565c46254a15c0d
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+I:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+Gl
Behavioral tasks
behavioral1: 102d6b79c2ff2f8a1bd160b965490d9c_JaffaCakes118.exe, resource win7-20240419-en
behavioral2: 102d6b79c2ff2f8a1bd160b965490d9c_JaffaCakes118.exe, resource win10v2004-20240508-en
Malware Config
Extracted family: darkcomet
Botnet (campaign ID): Guest16
C2: 88.171.241.28:1604
Mutex: DC_MUTEX-LC5Z5DE
InstallPath: MSDCSC\msdcsc.exe
gencode: NlJntxCBbSRS
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 102d6b79c2ff2f8a1bd160b965490d9c_JaffaCakes118 (650KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

The Run key and WinLogon signatures line up with the extracted config (install and persistence both true, reg_key MicroUpdate), and the dropped EXE is expected at the configured InstallPath MSDCSC\msdcsc.exe. SetThreadContext following a dropped EXE is consistent with the RAT payload being written into a suspended process (process hollowing), a common pattern for packed DarkComet builds, but the report does not identify the injection target, so treat that as an inference rather than a finding.
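The extracted configuration above gives host- and network-level indicators that can be hunted directly: the C2 socket, the mutex, the install path, and the Run key value name, plus the WinLogon modification the signatures report. The following is an added example (not part of the sandbox report, and not DarkComet's or the sandbox's own code) that turns those values into a small detection routine and runs it over constructed telemetry records. The event field names (`type`, `name`, `dst_ip`, `key`, `image`, ...) are an assumption about what an EDR or Sysmon-derived feed would look like, and the sample events are made up for the demonstration. It goes slightly beyond the single sample by also matching the DarkComet mutex naming pattern (DC_MUTEX- followed by an alphanumeric suffix) so other builds of the same RAT are caught, not only this configuration.

```python
"""
Hunt for the DarkComet indicators from the extracted config in host telemetry.

Added example: indicator values are copied from the Malware Config section
above; the telemetry records and their field names are constructed for the
demonstration and are not real logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Indicator values taken from the extracted configuration.
DARKCOMET_CONFIG: Dict[str, str] = {
    "c2": "88.171.241.28:1604",
    "mutex": "DC_MUTEX-LC5Z5DE",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# DarkComet builds name their mutex DC_MUTEX- plus a 7-character alphanumeric
# suffix; matching the pattern catches sibling builds, not only this sample.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

# Stock Winlogon Userinit value; persistence via Winlogon appends a path to it.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    rule: str
    event: Dict[str, str]


def check_event(ev: Dict[str, str], cfg: Dict[str, str] = DARKCOMET_CONFIG) -> List[str]:
    """Return the names of every rule the single telemetry record matches."""
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "mutex":
        name = ev.get("name", "")
        if name == cfg["mutex"]:
            hits.append("darkcomet_mutex_exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("darkcomet_mutex_pattern")
    elif kind == "network":
        if f'{ev.get("dst_ip", "")}:{ev.get("dst_port", "")}' == cfg["c2"]:
            hits.append("darkcomet_c2")
    elif kind == "registry":
        key = ev.get("key", "").lower()
        value = ev.get("value", "")
        data = ev.get("data", "")
        # Run key persistence: value name equals the configured reg_key.
        if key.endswith(r"\currentversion\run") and value == cfg["reg_key"]:
            hits.append("darkcomet_run_key")
        # Winlogon persistence: Userinit no longer holds only the stock value.
        if key.endswith(r"\winlogon") and value.lower() == "userinit":
            if data.lower().rstrip(",") != DEFAULT_USERINIT:
                hits.append("winlogon_userinit_modified")
    elif kind == "process":
        image = ev.get("image", "").lower()
        # Configured InstallPath is relative; match it as a path suffix.
        if image.endswith(cfg["install_path"].lower()):
            hits.append("darkcomet_install_path")
    return hits


def scan(events: List[Dict[str, str]], cfg: Dict[str, str] = DARKCOMET_CONFIG) -> List[Finding]:
    """Run every record through check_event and collect the matches."""
    return [Finding(rule, ev) for ev in events for rule in check_event(ev, cfg)]


# Constructed sample telemetry (not real logs): a mix of hits and benign noise.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "mutex", "name": "DC_MUTEX-LC5Z5DE"},
    {"type": "mutex", "name": "DC_MUTEX-A1B2C3D"},
    {"type": "mutex", "name": "Global\\MsCtfMonitor"},
    {"type": "network", "dst_ip": "88.171.241.28", "dst_port": "1604"},
    {"type": "network", "dst_ip": "88.171.241.28", "dst_port": "443"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "MicroUpdate", "data": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry", "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry", "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit", "data": r"C:\Windows\system32\userinit.exe,"},
    {"type": "process", "image": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:30} {f.event}")
```

Only the C2 socket and exact mutex are specific to this build; the install path, Run key name and mutex pattern are DarkComet defaults and will also fire on other samples built with the same settings, which is usually what you want when hunting. The Winlogon rule is deliberately generic (any Userinit value beyond the stock one), so expect it to surface non-DarkComet persistence too.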