General
Target: 18d46ddaa7b3c6afae42058a273789ce_JaffaCakes118
Size: 750KB
Sample: 240628-ffz1savcnj
MD5: 18d46ddaa7b3c6afae42058a273789ce
SHA1: 62da1f56cf1792ffc096e56eba14151a274320cc
SHA256: bdd3d2eb31328c3e93623405e820a51b154954ab26008a10072960a99b204e2e
SHA512: ffd39b63ef234314db54e5e1b12aed7bedf661d1e66d3e6ea5c21ceef4b7a176b61131f566e5dfba304da8dd3db8852396d7bbe7f8320bbef0150250ca3c1e75
SSDEEP: 12288:kk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+4:V0QRWoJEfg0oChGdJQbjPbNW5tYeP+GL

Behavioral task: behavioral1
Sample: 18d46ddaa7b3c6afae42058a273789ce_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 18d46ddaa7b3c6afae42058a273789ce_JaffaCakes118.exe
Resource: win10v2004-20240611-en

Malware Config
Extracted: darkcomet
Guest16
remila.no-ip.biz:1604
DC_MUTEX-20J85XY
- InstallPath: MSDCSC\msdcsc.exe
- gencode: NoNpEFiHHBFZ
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate

Targets
Target: 18d46ddaa7b3c6afae42058a273789ce_JaffaCakes118
Size: 750KB
MD5: 18d46ddaa7b3c6afae42058a273789ce
SHA1: 62da1f56cf1792ffc096e56eba14151a274320cc
SHA256: bdd3d2eb31328c3e93623405e820a51b154954ab26008a10072960a99b204e2e
SHA512: ffd39b63ef234314db54e5e1b12aed7bedf661d1e66d3e6ea5c21ceef4b7a176b61131f566e5dfba304da8dd3db8852396d7bbe7f8320bbef0150250ca3c1e75
SSDEEP: 12288:kk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+4:V0QRWoJEfg0oChGdJQbjPbNW5tYeP+GL
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext