General

Target: e3c236d4baa95fe15655673cfe3de9bd_JaffaCakes118
Size: 944KB
Sample: 240407-bxbmashg84
MD5: e3c236d4baa95fe15655673cfe3de9bd
SHA1: 64a5c72c26fd019835bbed524861d319f9b2add4
SHA256: b2e3badbec72d449e2208990a97399540f7ab826af5292107eff7a93cec85629
SHA512: 4b0a0d2860161656a7bc89f8b33cd1f5da16b5ad28491a644b48888291a4ada37d926b1fe6f3afa6cb2594b7ffebba1aaa7a81d9e8207e8a32f1a7e63ff4470d
SSDEEP: 24576:Fz/jdg3Dm5Z2E6rVU3JKD8Xnt5hV/lLXeaFeqSG:JLdg3aP6rVgNnt5hV/UxG
Static task: static1
Behavioral task: behavioral1
Sample: e3c236d4baa95fe15655673cfe3de9bd_JaffaCakes118.exe
Resource: win7-20240319-en (Windows 7 analysis image)
Malware Config

Extracted family: darkcomet
Botnet / campaign ID: Guest16
C2: minecraftaccount.no-ip.info:1604
Mutex: DC_MUTEX-4ASV9ZC
gencode: W36GpkH7SSu9
install: false
offline_keylogger: true
password: cutebro
persistence: false

Notes on the config: "Guest16" is DarkComet's default campaign ID, so the operator never renamed the build. The C2 is a dynamic-DNS hostname (no-ip.info) on 1604, DarkComet's default listening port; hunt on the hostname and the port rather than on whatever IP it resolved to during this run, because the IP behind a DDNS name changes. install=false and persistence=false mean the stub is configured to run from wherever it was launched without copying itself or registering a startup entry, so it survives only as long as the user keeps running the file. offline_keylogger=true means keystrokes are written to a local log whether or not the C2 is reachable. The password is the shared secret between the operator's client and the stub and forms part of the key material for the RC4-encrypted C2 session, so it is what an analyst needs (together with the DarkComet version constant) to decrypt captured traffic.
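The "Extracted" block above is what a config extractor produces from the stub's encrypted resource. The following is an added example (not the sandbox's extractor and not code from the report) showing how such a decryption and parse works end to end. It assumes the well-known DarkComet 5.x layout as described in public analyses: the config lives in an RCData resource named DCDATA as uppercase hex of RC4 ciphertext, the 5.1 stub key is the constant `#KCMDDC51#-890`, and the plaintext is CRLF-separated `KEY={value}` lines between a `#BEGIN DARKCOMET DATA` and `#EOF DARKCOMET DATA` marker. The DCDATA key names (`SID`, `NETDATA`, `MUTEX`, `GENCODE`, `INSTALL`, `OFFLINEK`, `PWD`, `PERSINST`) and their mapping to the report's field names are likewise assumptions from that layout. The ciphertext is constructed inside the script from the values the report lists, so it runs offline; the sample's real DCDATA carries more fields than shown.

```python
"""Decrypt and parse a DarkComet-style DCDATA config blob (added example)."""
import binascii

# Stub RC4 keys by DarkComet version (assumption: constants from public analyses).
DARKCOMET_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
}

# DCDATA key -> field name used in the sandbox report (assumed 5.x key names).
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PWD": "password",
    "PERSINST": "persistence",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_dcdata(plaintext: bytes) -> dict:
    """Turn decrypted 'KEY={value}' lines into a dict; marker lines start with '#'."""
    config = {}
    for line in plaintext.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        config[key.strip()] = value.strip().strip("{}")
    return config


def decrypt_config(hex_blob: bytes) -> dict:
    """Try each known stub key; accept the first whose output carries the header."""
    raw = binascii.unhexlify(hex_blob.strip())
    for version, key in DARKCOMET_KEYS.items():
        plain = rc4(key, raw)
        if plain.startswith(b"#BEGIN DARKCOMET DATA"):
            cfg = parse_dcdata(plain)
            cfg["_version_key"] = version
            return cfg
    raise ValueError("no known DarkComet key decrypts this blob")


def normalize(cfg: dict) -> dict:
    """Project raw DCDATA keys onto the report's field names; '1'/'0' become bools."""
    out = {}
    for raw_key, name in FIELD_MAP.items():
        if raw_key in cfg:
            out[name] = (cfg[raw_key] == "1") if name in BOOL_FIELDS else cfg[raw_key]
    return out


# Constructed plaintext in DCDATA form, filled with the values from the report.
# This is not the sample's real resource; it exists so the script runs offline.
CONSTRUCTED_PLAIN = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-4ASV9ZC}\r\n"
    b"SID={Guest16}\r\n"
    b"NETDATA={minecraftaccount.no-ip.info:1604}\r\n"
    b"GENCODE={W36GpkH7SSu9}\r\n"
    b"INSTALL={0}\r\n"
    b"PERSINST={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"PWD={cutebro}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
# Encrypt with the 5.1 key and hex-encode, the form a DCDATA resource would take.
CONSTRUCTED_HEX = binascii.hexlify(rc4(DARKCOMET_KEYS["5.1"], CONSTRUCTED_PLAIN)).upper()


if __name__ == "__main__":
    for field, value in normalize(decrypt_config(CONSTRUCTED_HEX)).items():
        print(f"{field}: {value}")
```

Against a real stub, feed `decrypt_config` the bytes of the DCDATA resource (pefile can pull it from the resource directory); keying on the header string instead of on a version guess is what lets one extractor cover several stub generations.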
Targets

Target: e3c236d4baa95fe15655673cfe3de9bd_JaffaCakes118 (944KB; hashes as listed under General above)
Signatures (behavioral1):

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Modifies file permissions.
- Maps connected drives based on registry: disk information is often read to detect sandboxing environments.
- Suspicious use of SetThreadContext: setting the context of a thread in another process is the usual final step of process hollowing or thread hijacking (write a payload into a suspended process, repoint its thread, resume), so the unpacked RAT may be executing under a different image name than the dropped file. Correlate on the mutex and network indicators rather than on the process path.
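Putting the extracted config and the behavioral findings to use: the following is an added example (not part of the report) that hunts the report's indicators across constructed endpoint telemetry. The events are invented for the demonstration and shaped like Sysmon EventID 22 (DNS query, `QueryName`) and EventID 3 (network connection, `DestinationHostname`/`DestinationIp`/`DestinationPort`) records, plus a made-up `"mutex"` record standing in for a sandbox's handle log. The C2 connection is deliberately attributed to explorer.exe rather than to the dropped file, which is the situation the SetThreadContext signature warns about, and the rules therefore never key on the image path. The `DC_MUTEX-` prefix rule and the port-1604 rule go beyond this one sample (DarkComet's default mutex scheme and default port), and the port-only rule is marked as the weak one.

```python
"""Hunt this sample's indicators in constructed endpoint telemetry (added example)."""
import json

# Indicators taken from the extracted config above; prefix and port generalize
# to other DarkComet builds (default mutex scheme and default port).
IOCS = {
    "mutex": "DC_MUTEX-4ASV9ZC",
    "mutex_prefix": "DC_MUTEX-",
    "c2_host": "minecraftaccount.no-ip.info",
    "c2_port": 1604,
}

# Constructed events (not real telemetry). Field names follow Sysmon's EventID 22
# and EventID 3 records; the "mutex" record is an assumed sandbox log shape.
EVENTS = [json.dumps(e) for e in [
    {"EventID": 22, "Image": r"C:\Users\u\Downloads\sample.exe",
     "QueryName": "minecraftaccount.no-ip.info"},
    {"EventID": 3, "Image": r"C:\Windows\explorer.exe",          # hollowed host
     "DestinationHostname": "minecraftaccount.no-ip.info",
     "DestinationIp": "198.51.100.23", "DestinationPort": 1604},
    {"EventID": 3, "Image": r"C:\Program Files\browser\browser.exe",
     "DestinationHostname": "example.org",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "time.windows.com"},
    {"EventID": "mutex", "Image": r"C:\Windows\explorer.exe",
     "MutexName": "DC_MUTEX-4ASV9ZC"},
    {"EventID": "mutex", "Image": r"C:\Users\u\AppData\Local\Temp\x.exe",
     "MutexName": "DC_MUTEX-F7Q2XYZ"},                             # other build
    {"EventID": 3, "Image": r"C:\Windows\notepad.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": 1604},     # no hostname
]]


def hunt(lines, iocs=IOCS):
    """Return (line_number, rule, detail) for each matching JSON event line.

    Rules, strongest first:
      dns_c2_lookup / net_c2_connect  - exact C2 hostname (DDNS, so never the IP)
      mutex_exact                     - this sample's mutex
      mutex_darkcomet_pattern         - any DC_MUTEX-* name (family-level)
      net_darkcomet_default_port      - port 1604 only; weak, review by hand
    """
    hits = []
    for n, line in enumerate(lines, 1):
        ev = json.loads(line)
        eid = ev.get("EventID")
        if eid == 22:
            qname = ev.get("QueryName", "").lower()
            if qname == iocs["c2_host"]:
                hits.append((n, "dns_c2_lookup", qname))
        elif eid == 3:
            host = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            if host == iocs["c2_host"]:
                hits.append((n, "net_c2_connect", f"{host}:{port}"))
            elif port == iocs["c2_port"]:
                hits.append((n, "net_darkcomet_default_port",
                             f"{ev.get('DestinationIp')}:{port}"))
        elif eid == "mutex":
            name = ev.get("MutexName", "")
            if name == iocs["mutex"]:
                hits.append((n, "mutex_exact", name))
            elif name.startswith(iocs["mutex_prefix"]):
                hits.append((n, "mutex_darkcomet_pattern", name))
    return hits


if __name__ == "__main__":
    for line_no, rule, detail in hunt(EVENTS):
        print(f"line {line_no}: {rule} ({detail})")
```

The port-only rule exists because the C2 hostname can be rotated while the operator keeps DarkComet's default port; treat its hits as leads to pivot on (which process, how often, what else did it resolve) rather than as alerts on their own.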