General

Target: 24a695bd98fe12ff40dfea58fa37a87e_JaffaCakes118
Size: 651KB
Sample: 240704-e83fyavdkq
MD5: 24a695bd98fe12ff40dfea58fa37a87e
SHA1: a6f2d32c7e0dca5cf6f116e4805b093e3c672256
SHA256: 7044ddd8b6a0a4dd7edd7989da538ed017522e3665ce3d0eaef606123a922f50
SHA512: 0318fae3986389a91edfb4ae11509178993f4d3f0a588a9c369be1432a091c6c8d5abf697353dedf79d2c2dd4be08f20751c1fe5b6a56dcfa100e9e0d552ed23
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+y:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+GX
Behavioral task: behavioral1
Sample: 24a695bd98fe12ff40dfea58fa37a87e_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 24a695bd98fe12ff40dfea58fa37a87e_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config

Extracted family: darkcomet
Botnet: Guest16
C2: mnanauk-dz.no-ip.biz:1604
Mutex: DC_MUTEX-EB46CLG
InstallPath: MSDCSC\msdcsc.exe
gencode: rpfQbN9b66NT
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets

Target: 24a695bd98fe12ff40dfea58fa37a87e_JaffaCakes118
Size: 651KB
MD5: 24a695bd98fe12ff40dfea58fa37a87e
SHA1: a6f2d32c7e0dca5cf6f116e4805b093e3c672256
SHA256: 7044ddd8b6a0a4dd7edd7989da538ed017522e3665ce3d0eaef606123a922f50
SHA512: 0318fae3986389a91edfb4ae11509178993f4d3f0a588a9c369be1432a091c6c8d5abf697353dedf79d2c2dd4be08f20751c1fe5b6a56dcfa100e9e0d552ed23
SSDEEP: 12288:Lk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+y:g0QRWoJEfg0oChGdJQbjPbNW5tYeP+GX
Score: 10/10

- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext