General
- Target: 1c2d1c88e9597535bc77f312f3eed94b_JaffaCakes118
- Size: 758KB
- Sample: 240701-xwt8xavara
- MD5: 1c2d1c88e9597535bc77f312f3eed94b
- SHA1: 5313e64a644abf63c7a653ef3383d2cba4bb2470
- SHA256: 151a6374669a557f4b91682dff916e16088173c995f4cbf239b6d8828886ec89
- SHA512: b435a3f06d218ce817783c5e3783e210bdc3860d7e330b4953a1b7b2a08e0c925b8937f52d6c6947c32613aceec1bc31897289a4c2bea81e2b12e563a8195ab4
- SSDEEP: 12288:8X2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/QoFCk:qss2Sm39NNv9wY7tHwbzfIoK6Mook
Behavioral task: behavioral1
- Sample: 1c2d1c88e9597535bc77f312f3eed94b_JaffaCakes118.exe
- Resource: win7-20240419-en
Malware Config (extracted)
- Family: darkcomet
- Botnet: nsm
- C2: dark.dnsd.info:1604
- Mutex: DC_MUTEX-BBCMREG
- InstallPath: MSDCSC\lsassc.exe
- gencode: rArbm2GK8iZn
- install: true
- offline_keylogger: false
- persistence: true
- reg_key: lsass.exe
Targets
- Target: 1c2d1c88e9597535bc77f312f3eed94b_JaffaCakes118
- Size: 758KB
- MD5: 1c2d1c88e9597535bc77f312f3eed94b
- SHA1: 5313e64a644abf63c7a653ef3383d2cba4bb2470
- SHA256: 151a6374669a557f4b91682dff916e16088173c995f4cbf239b6d8828886ec89
- SHA512: b435a3f06d218ce817783c5e3783e210bdc3860d7e330b4953a1b7b2a08e0c925b8937f52d6c6947c32613aceec1bc31897289a4c2bea81e2b12e563a8195ab4
- SSDEEP: 12288:8X2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/QoFCk:qss2Sm39NNv9wY7tHwbzfIoK6Mook
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)