General
- Target: 20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118
- Size: 290KB
- Sample: 240507-ra63paad7t
- MD5: 20c0e7db3abc359de1ea1b468f66e672
- SHA1: c718750922cfa8a84b2996634b042e6d174e0bf6
- SHA256: 720398a159636f239c88e55bb75bf52bd7af634d8559b1f5090dbfa5baec8d81
- SHA512: 54df9179e8ebc0fe02f68dd62e8b2f45edbec53562f5b04735b6d4919ccec1719a943c4e5e605f884bda29401b0abb5d6e93898fb7943ead365155fc660d76e5
- SSDEEP: 6144:ocNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0Pld:ocWkbgTYWnYnt/IDYhPld
Behavioral task
- behavioral1
  - Sample: 20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118.exe
  - Resource: win7-20240221-en
Malware Config

Extracted: darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false

Extracted: darkcomet
- Guest16
- amfetominka.myddns.me:56265
- amfetominka.myddns.me:52752
- 103.16.26.83:56265
- 103.16.26.83:52752
- DC_MUTEX-G8ZTH20
- gencode: Sk4vMUC5Mi2q
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.