General
Target: 176ce8ced727581cc9f115c5aa55edea_JaffaCakes118
Size: 649KB
Sample: 240627-zbnxha1hlj
MD5: 176ce8ced727581cc9f115c5aa55edea
SHA1: 5f927c97f132d52defe29a7b8c54603187570d1c
SHA256: 58d1d43c864ff4a3926e02151ec48a9038586394ad3e3bb9193dc26e35718487
SHA512: e0b3901ae184dfda7ebfa8903d2daa3076d96310d28407adfd2c8932b9c872e6e486c12daefe1e1d5568437d54198bcf13c8b7dd650d156c99cd1cc7547cc96b
SSDEEP: 12288:Nk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aV7:+0QpGih4bd0rv5+l5szLXj917cqPu91L
Behavioral tasks
- behavioral1: Sample 176ce8ced727581cc9f115c5aa55edea_JaffaCakes118.exe, Resource win7-20240611-en
- behavioral2: Sample 176ce8ced727581cc9f115c5aa55edea_JaffaCakes118.exe, Resource win10v2004-20240508-en
Malware Config (extracted)
Family: darkcomet
Botnet: s3rv3r-2
C2: tengxunsafeupdate.servecounterstrike.com:82
Mutex: DCMIN_MUTEX-2NZCBWP
InstallPath: WinDefender.exe
gencode: 2mzxGWP6uod7
install: true
offline_keylogger: true
persistence: false
reg_key: WindowsDefender
Targets
Target: 176ce8ced727581cc9f115c5aa55edea_JaffaCakes118
Size: 649KB
MD5: 176ce8ced727581cc9f115c5aa55edea
SHA1: 5f927c97f132d52defe29a7b8c54603187570d1c
SHA256: 58d1d43c864ff4a3926e02151ec48a9038586394ad3e3bb9193dc26e35718487
SHA512: e0b3901ae184dfda7ebfa8903d2daa3076d96310d28407adfd2c8932b9c872e6e486c12daefe1e1d5568437d54198bcf13c8b7dd650d156c99cd1cc7547cc96b
SSDEEP: 12288:Nk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aV7:+0QpGih4bd0rv5+l5szLXj917cqPu91L
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application