General
-
Target
1731cf21b7b273b219848bd8c0a3270e_JaffaCakes118
-
Size
659KB
-
Sample
240505-l9n39sac58
-
MD5
1731cf21b7b273b219848bd8c0a3270e
-
SHA1
3bffb3c8162d1fb1dde707d2753f6e55b17e9a8f
-
SHA256
c4b495ba633b7f07225d6ee29ce0fa972a70c34b0af204cc5c688e82d2d888e8
-
SHA512
41c386aea91b47d03aff532df8dc9ef1f60e70f8902d8b7d5b47dbc57d45de7fc3d7fc5c61c9c94aa2b1410a0a181c70d3f06afd52654f533d5394f344e2f905
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/:+Z1xuVVjfFoynPaVBUR8f+kN10Ed
Behavioral task
behavioral1
Sample
1731cf21b7b273b219848bd8c0a3270e_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
AWESOME
99.65.242.51:200
192.168.1.64:200
DC_MUTEX-4B9Z3T3
-
gencode
6FLz4koiwUa8
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
1731cf21b7b273b219848bd8c0a3270e_JaffaCakes118
-
Size
659KB
-
MD5
1731cf21b7b273b219848bd8c0a3270e
-
SHA1
3bffb3c8162d1fb1dde707d2753f6e55b17e9a8f
-
SHA256
c4b495ba633b7f07225d6ee29ce0fa972a70c34b0af204cc5c688e82d2d888e8
-
SHA512
41c386aea91b47d03aff532df8dc9ef1f60e70f8902d8b7d5b47dbc57d45de7fc3d7fc5c61c9c94aa2b1410a0a181c70d3f06afd52654f533d5394f344e2f905
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/:+Z1xuVVjfFoynPaVBUR8f+kN10Ed
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-