General
-
Target
1995a5672707f582ee59f83b9193c044_JaffaCakes118
-
Size
502KB
-
Sample
240628-k71tls1gng
-
MD5
1995a5672707f582ee59f83b9193c044
-
SHA1
9b422333131eaf227f24a058e567c9b31e9a3362
-
SHA256
a3717afaeee0b6a23731d2022445ed8e74b20e723af80b99c81d688e0f7e2eda
-
SHA512
5dc413600bfd1c251fe20c99460daf40c1b2401b9c15484cfac3d8915ff09f3481d8bc2fc7d2aa9396717666fe0c97901ac91bccf529873845f5e87454ec9d37
-
SSDEEP
6144:dIT5omhVRsO0osSN4UYOlDX6LYSCJ6wFPa66bwfawGbwyXWx9QYFQkFD998gWNlG:dIj3R4osi6USnjLwGFmx959DENtTird
Static task
static1
Behavioral task
behavioral1
Sample
1995a5672707f582ee59f83b9193c044_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
1995a5672707f582ee59f83b9193c044_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
ÝÇÑÓ
ogdd.servemp3.com:4433
DC_MUTEX-ZEB45K2
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
oNjPFSVD68XS
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
1995a5672707f582ee59f83b9193c044_JaffaCakes118
-
Size
502KB
-
MD5
1995a5672707f582ee59f83b9193c044
-
SHA1
9b422333131eaf227f24a058e567c9b31e9a3362
-
SHA256
a3717afaeee0b6a23731d2022445ed8e74b20e723af80b99c81d688e0f7e2eda
-
SHA512
5dc413600bfd1c251fe20c99460daf40c1b2401b9c15484cfac3d8915ff09f3481d8bc2fc7d2aa9396717666fe0c97901ac91bccf529873845f5e87454ec9d37
-
SSDEEP
6144:dIT5omhVRsO0osSN4UYOlDX6LYSCJ6wFPa66bwfawGbwyXWx9QYFQkFD998gWNlG:dIj3R4osi6USnjLwGFmx959DENtTird
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1