General

Target: 192c731e822a64cce6dc9a6725d7b651_JaffaCakes118
Size: 1.8MB
Sample: 240628-hk3zcaweke
MD5: 192c731e822a64cce6dc9a6725d7b651
SHA1: 288c85400ea2abad7f29cde9f90658e9876d1710
SHA256: 11c0e397d62858a5a59ffc635eff294ae5bf5aaf5b94f97e48ef86b599e0987e
SHA512: b6f7925f4cd8b445092a947d89f492744520132abacd9bfc3535e2b406ed797490cebb3315dffd93413bba61e8f333d0429c5c942b0362b85c783e5611980006
SSDEEP: 24576:Kb2/DbTeyIuPVJFFDHZWCaIYm1hCcDOmi:f/lDoC1O
Static task: static1
Behavioral task: behavioral1
Sample: 192c731e822a64cce6dc9a6725d7b651_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config

Extracted
Family: darkcomet
Botnet: Guest16
C2: darkcomet2013.no-ip.biz:1500, 192.168.1.71:1500
Mutex: DC_MUTEX-9LQ2QJ5
InstallPath: MSDCSC\msdcsc.exe
gencode: 30ibXWq2y5dh
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: 192c731e822a64cce6dc9a6725d7b651_JaffaCakes118
Size: 1.8MB
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)