General

Target: 1b7680e1fc999d748b468ce218fe0473_JaffaCakes118
Size: 896KB
Sample: 240701-qnh3caxdpj
MD5: 1b7680e1fc999d748b468ce218fe0473
SHA1: 08f4dfa1068b2f546b8131d483b7c4553349e897
SHA256: da204cf93005c61a0fc0cc4ece8c9b9bf7b63198af29cdeeb3ac190f59d39195
SHA512: 59b3fbfcc38d590b6c26b5c9b555c36b15d0573000fbdd8cc5ffd257a181e46505b262469fd42006b857d82701b0f4ced4a6d63069a4692065704938c665b9b3
SSDEEP: 12288:OHZEOCafvtr2AIFKGg3s9CibaPKiCR8APGpYqckJPArSWPGX76ax+G+1km3CekJB:sZEOCadKdQTAjb276ugBOISm7D2orK
Static task: static1

Behavioral task: behavioral1
Sample: 1b7680e1fc999d748b468ce218fe0473_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 1b7680e1fc999d748b468ce218fe0473_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: darkcomet
Botnet: ãäÊÏì
C2: nnns.zapto.org:4433
Mutex: DC_MUTEX-HTT3CAX

Attributes:
- InstallPath: MSDCSC\msdcsc.exe
- gencode: BkangWFkKcGv
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets

Target: 1b7680e1fc999d748b468ce218fe0473_JaffaCakes118
Size: 896KB
MD5: 1b7680e1fc999d748b468ce218fe0473
SHA1: 08f4dfa1068b2f546b8131d483b7c4553349e897
SHA256: da204cf93005c61a0fc0cc4ece8c9b9bf7b63198af29cdeeb3ac190f59d39195
SHA512: 59b3fbfcc38d590b6c26b5c9b555c36b15d0573000fbdd8cc5ffd257a181e46505b262469fd42006b857d82701b0f4ced4a6d63069a4692065704938c665b9b3
SSDEEP: 12288:OHZEOCafvtr2AIFKGg3s9CibaPKiCR8APGpYqckJPArSWPGX76ax+G+1km3CekJB:sZEOCadKdQTAjb276ugBOISm7D2orK
Score: 10/10

- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application