General
-
Target
5f44ff7305c97d69e90a70cb11a51f08_JaffaCakes118
-
Size
1.5MB
-
Sample
240520-qhs1cscf71
-
MD5
5f44ff7305c97d69e90a70cb11a51f08
-
SHA1
be1454f0194e0d67967f488fece3b95479362b32
-
SHA256
b272f8adb317c5fa71ca69becbca71ad661081f963ffdd01105eab2332e3c298
-
SHA512
d5b237b06dc115eeb39817b7fe04461c8c4ac05eb996244ea65afcab715e28f0bea7efeadfcdede6f9461802ba0f67e1642638e01b75adbd49535a83136ff311
-
SSDEEP
24576:oRmJkcoQricOIQxiZY1iaFWR444fq4444444444444444444444444444444444N:NJZoQrbTFZY1iaAR444ftVB7LvP2ky
Static task
static1
Behavioral task
behavioral1
Sample
5f44ff7305c97d69e90a70cb11a51f08_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
Host...7
jimmykarcter.ddnsking.com:1491
DC_MUTEX-PS4J221
-
gencode
61wK7ycJ0Rd9
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
5f44ff7305c97d69e90a70cb11a51f08_JaffaCakes118
-
Size
1.5MB
-
MD5
5f44ff7305c97d69e90a70cb11a51f08
-
SHA1
be1454f0194e0d67967f488fece3b95479362b32
-
SHA256
b272f8adb317c5fa71ca69becbca71ad661081f963ffdd01105eab2332e3c298
-
SHA512
d5b237b06dc115eeb39817b7fe04461c8c4ac05eb996244ea65afcab715e28f0bea7efeadfcdede6f9461802ba0f67e1642638e01b75adbd49535a83136ff311
-
SSDEEP
24576:oRmJkcoQricOIQxiZY1iaFWR444fq4444444444444444444444444444444444N:NJZoQrbTFZY1iaAR444ftVB7LvP2ky
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Uses the VBS compiler for execution
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-