General
-
Target
e87062f7c9f0b92009872542004ead46_JaffaCakes118
-
Size
785KB
-
Sample
240408-z64anscb88
-
MD5
e87062f7c9f0b92009872542004ead46
-
SHA1
f3b5953b9ff340ad1760e7db7cb2f258abd28ec2
-
SHA256
1302269ff3ed8121d83f80ac345f9e5e647b055b015e0dfc20277d0fa24c25e6
-
SHA512
36c9f389c352d701645980e9d78e0f1ceb579bff1b9993ee906de15e003112b4ee94681ac8db256627ea5a01104e4dc9ea356912c37084f796bc07e1277cdf61
-
SSDEEP
12288:z9KHIPV55+Ndq+tnj8KyEpQdGMXJMIHdfJzW3Ie0HqJyVejgfMAVd74LeFYV1:NPV5ANdzvuHdfZW4J+apf7RWeFY3
Static task
static1
Behavioral task
behavioral1
Sample
e87062f7c9f0b92009872542004ead46_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e87062f7c9f0b92009872542004ead46_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
darkcomet
Guest16
remoterat11.no-ip.biz:1604
DC_MUTEX-F54S21D
-
gencode
9xPue2Ae0bpq
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
e87062f7c9f0b92009872542004ead46_JaffaCakes118
-
Size
785KB
-
MD5
e87062f7c9f0b92009872542004ead46
-
SHA1
f3b5953b9ff340ad1760e7db7cb2f258abd28ec2
-
SHA256
1302269ff3ed8121d83f80ac345f9e5e647b055b015e0dfc20277d0fa24c25e6
-
SHA512
36c9f389c352d701645980e9d78e0f1ceb579bff1b9993ee906de15e003112b4ee94681ac8db256627ea5a01104e4dc9ea356912c37084f796bc07e1277cdf61
-
SSDEEP
12288:z9KHIPV55+Ndq+tnj8KyEpQdGMXJMIHdfJzW3Ie0HqJyVejgfMAVd74LeFYV1:NPV5ANdzvuHdfZW4J+apf7RWeFY3
Score10/10-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-