General

Target: 18fb8efcf5d20eee45ac7b65d4adcba8_JaffaCakes118
Size: 650KB
Sample: 240628-gclvestfpd
MD5: 18fb8efcf5d20eee45ac7b65d4adcba8
SHA1: 0e9e982364df02f61ae38598b9bae7fdf88cedce
SHA256: 09da8c179c90ad0b2f8813465e2c17154b08be99f31601591adb68b54acaa014
SHA512: a07d98e70d50371c7ffb4e313a0e5985757cbe7a98f5db511c356ef577f49682236180ee394feb5844b26b551ce9b79b7eda15d1265a0ee33671936e8364611b
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+5:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+GI
Behavioral task: behavioral1
Sample: 18fb8efcf5d20eee45ac7b65d4adcba8_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 18fb8efcf5d20eee45ac7b65d4adcba8_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: darkcomet
Trojan -Anto
C2:
  79.44.153.226:1604
  192.168.1.12:1604
  127.0.0.1:1604
  pazzo90.no-ip.org:1604
Mutex: DC_MUTEX-1ZU7GL5
InstallPath: Microsoft.exe
gencode: fcbHLDnEBLN6
install: true
offline_keylogger: true
persistence: true
reg_key: cvhost
Targets

Target: 18fb8efcf5d20eee45ac7b65d4adcba8_JaffaCakes118
Size: 650KB
MD5: 18fb8efcf5d20eee45ac7b65d4adcba8
SHA1: 0e9e982364df02f61ae38598b9bae7fdf88cedce
SHA256: 09da8c179c90ad0b2f8813465e2c17154b08be99f31601591adb68b54acaa014
SHA512: a07d98e70d50371c7ffb4e313a0e5985757cbe7a98f5db511c356ef577f49682236180ee394feb5844b26b551ce9b79b7eda15d1265a0ee33671936e8364611b
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+5:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+GI
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
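The extracted DarkComet config above and the persistence signatures (Run key, WinLogon) are the parts of this report a responder actually hunts on. The following is an added example, not part of the sandbox report or of any Tria.ge tooling: it turns the config values shown on this page into indicators and runs them over a few constructed Sysmon-style events. Two caveats it encodes: the C2 entries 192.168.1.12 and 127.0.0.1 are non-routable and would only produce noise as network indicators, so they are filtered out, while the DDNS name pazzo90.no-ip.org is kept as a hostname indicator; and the WinLogon check looks at the Userinit and Shell values, which is an assumption about how the signature fires rather than something the report states. The event schema, the registry data paths and the mutex event type are all constructed for illustration.

```python
import ipaddress

# DarkComet configuration as extracted in this report (values copied from the page).
CONFIG = {
    "family": "darkcomet",
    "id": "Trojan -Anto",
    "c2": ["79.44.153.226:1604", "192.168.1.12:1604",
           "127.0.0.1:1604", "pazzo90.no-ip.org:1604"],
    "mutex": "DC_MUTEX-1ZU7GL5",
    "install_path": "Microsoft.exe",
    "reg_key": "cvhost",
    "persistence": True,
}

# Winlogon values commonly abused for persistence (assumption: the report only
# says "Modifies WinLogon", it does not name the value).
WINLOGON_VALUES = ("userinit", "shell")


def split_endpoint(endpoint):
    """'host:port' -> (host lowercased, port as int)."""
    host, _, port = endpoint.rpartition(":")
    return host.lower(), int(port)


def is_routable(host):
    """Hostnames and public IPs are usable network IOCs; loopback/private ones are not."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # not an IP literal: a hostname such as the DDNS name in the config


def build_iocs(cfg):
    """Derive hunt-ready indicators from the extracted config."""
    network = {split_endpoint(ep) for ep in cfg["c2"]
               if is_routable(split_endpoint(ep)[0])}
    return {
        "network": network,
        "mutex": cfg["mutex"],
        "run_value": cfg["reg_key"].lower(),
        "dropped_name": cfg["install_path"].lower(),
    }


def match_event(event, iocs):
    """Return a list of (signature, detail) hits for one telemetry event."""
    hits = []
    kind = event["type"]
    if kind == "registry_set":
        path = event["path"].lower()
        value_name = path.rsplit("\\", 1)[-1]
        data = event.get("data", "").lower()
        if "\\currentversion\\run\\" in path and value_name == iocs["run_value"]:
            hits.append(("run_key_persistence", event["path"]))
        if "\\winlogon\\" in path and value_name in WINLOGON_VALUES \
                and iocs["dropped_name"] in data:
            hits.append(("winlogon_persistence", event["path"]))
    elif kind == "mutex_create" and event["name"] == iocs["mutex"]:
        hits.append(("darkcomet_mutex", event["name"]))
    elif kind == "network_connect" \
            and (event["dst"].lower(), event["port"]) in iocs["network"]:
        hits.append(("c2_connect", f'{event["dst"]}:{event["port"]}'))
    return hits


def scan(events, iocs):
    """Run every event through the matcher and collect all hits in order."""
    return [hit for event in events for hit in match_event(event, iocs)]


# Constructed Sysmon-style telemetry for illustration; the file paths are hypothetical.
EVENTS = [
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cvhost",
     "data": r"C:\Users\victim\AppData\Roaming\Microsoft.exe"},
    {"type": "registry_set",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\Microsoft.exe"},
    {"type": "mutex_create", "name": "DC_MUTEX-1ZU7GL5"},
    {"type": "network_connect", "dst": "79.44.153.226", "port": 1604},
    {"type": "network_connect", "dst": "pazzo90.no-ip.org", "port": 1604},
    {"type": "network_connect", "dst": "127.0.0.1", "port": 1604},  # loopback entry: not an IOC
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for signature, detail in scan(EVENTS, build_iocs(CONFIG)):
        print(f"{signature:<22} {detail}")
```

Run against the constructed events it reports five hits: the cvhost Run value, the Userinit modification pointing at Microsoft.exe, the DC_MUTEX-1ZU7GL5 mutex, and connections to both routable C2 endpoints; the loopback connection and the unrelated process start are ignored. Matching on the Run value name and the dropped filename rather than on a full path is deliberate, since the config gives only the filename and the install directory varies per build.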