General
- Target: 148da8473a260935979977ade797e718_JaffaCakes118
- Size: 3.0MB
- Sample: 240504-1bakjsbg6z
- MD5: 148da8473a260935979977ade797e718
- SHA1: 18d0286962802911133a5ab6ae5016c9cda08b6d
- SHA256: a29e150b2ff91da057487b87d420e394347f3e0364742705705b103a2d518f61
- SHA512: 9c38ab2950450a0c22c5cb7dcf8cb99dd421344ac14e4d66890a1de11ab9a0185cbca967f6120a121bb720fae53774ea4545e48fca16ee501bdaa84d73d4ba81
- SSDEEP: 49152:hxxxK/o/y7wmmD9gukh9wiNInkjCG8mzD0W357/0nsj7a3LTK4U:hBykVCnh/InmCGACTj+TK4U

Static task
- static1

Behavioral task
- behavioral1
- Sample: 148da8473a260935979977ade797e718_JaffaCakes118.exe
- Resource: win7-20240220-en

Malware Config
Extracted
- darkcomet
- Guest16
- leifstresser.ddns.net:1604
- 127.0.0.1:1604
- cuntface
- InstallPath: Windows/Explorer
- gencode: pG07ARK2K01Z
- install: true
- offline_keylogger: true
- password: lolamoomoo1
- persistence: true
- reg_key: Updater
Targets
- Target: 148da8473a260935979977ade797e718_JaffaCakes118 (same file and hashes as listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext