General
-
Target
153c9a83b35793608d96499376758481_JaffaCakes118
-
Size
560KB
-
Sample
240627-jtll4azdma
-
MD5
153c9a83b35793608d96499376758481
-
SHA1
b75cab73b740c00248fb2700db0458b4d0fb013b
-
SHA256
d4e0fbc80c5b130e7372443226520eea2bbe1f47af2edf82c727cce59862d944
-
SHA512
177dc6142c4fb52cb0f2d6297ca65c4badf9e6f5475f508793904e66c9eef21f49995688882650060d5aa0592c7f1b6be0b16d52942d079e2eee07508502cb04
-
SSDEEP
12288:3eVOeheJYvaFzBIzYMjxTg8xJm5+H+0+KBPNAPqDckkA:OH8JiaFKjNAo+K8PFe
Static task
static1
Behavioral task
behavioral1
Sample
153c9a83b35793608d96499376758481_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
darkcomet
Guest16
tebox.no-ip.biz:91
DC_MUTEX-GX7446Y
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
GvQvW3bSTE6M
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
153c9a83b35793608d96499376758481_JaffaCakes118
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Molebox Virtualization software
Detects file using Molebox Virtualization software.
-
Adds Run key to start application
-