General
Target: 11e5fe1ed48897be658e90416d671f17_JaffaCakes118
Size: 1.3MB
Sample: 240504-ked45sbd92
MD5: 11e5fe1ed48897be658e90416d671f17
SHA1: b5fd0aa3b324954b4c94cf34189cea64efa61387
SHA256: 72664acbb76d528a1b930c3f9120f2125e6e3d8f7c68502cf67d78c7a108df9b
SHA512: c1956b900a517048fd91d752d3b76282d38cc69fbc60de6d1e436ec88492acf3a5fe2848134556c6d3648126cf5e3643752ff867eddbf6bb0d2ebae03bc5ae2c
SSDEEP: 24576:f2O/GlB5fVh82Djw3MJXkN6GXEGvqCbOyIwJsyaNZIbUt0hM7gh8/pIHgs:KfVW2D8akAGVvRbOyIDBIYt0+W8/p8gs
Static task: static1
Behavioral task: behavioral1
  Sample: 11e5fe1ed48897be658e90416d671f17_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 11e5fe1ed48897be658e90416d671f17_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
darkcomet
Malik El Shabbaz
benzenekartel.ddns.net:2200
DCMIN_MUTEX-XC4B7RD
- gencode: RZXBxdP7UGXu
- install: false
- offline_keylogger: true
- persistence: false
Targets
Target: 11e5fe1ed48897be658e90416d671f17_JaffaCakes118
Size: 1.3MB
MD5: 11e5fe1ed48897be658e90416d671f17
SHA1: b5fd0aa3b324954b4c94cf34189cea64efa61387
SHA256: 72664acbb76d528a1b930c3f9120f2125e6e3d8f7c68502cf67d78c7a108df9b
SHA512: c1956b900a517048fd91d752d3b76282d38cc69fbc60de6d1e436ec88492acf3a5fe2848134556c6d3648126cf5e3643752ff867eddbf6bb0d2ebae03bc5ae2c
SSDEEP: 24576:f2O/GlB5fVh82Djw3MJXkN6GXEGvqCbOyIwJsyaNZIbUt0hM7gh8/pIHgs:KfVW2D8akAGVvRbOyIDBIYt0+W8/p8gs
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext