General

Target: 64d0787df9bff4b22b0efbe10012799f_JaffaCakes118
Size: 567KB
Sample: 240521-z9rq2sba4w
MD5: 64d0787df9bff4b22b0efbe10012799f
SHA1: 510d0e057a80c07cabc8984b314201d307552202
SHA256: db1b76a817d80a04dfe6236b050aad2e147374023b96d2fc2f5d76f500e8c8a5
SHA512: 14b61b411c08fd189456cd846365580f37ffd8f105a5de5a3821eaaefa92e51a69654b062832abdd56370cd9b78c738b4a3336e7ff1f721af32c486ed4fd8464
SSDEEP: 12288:/Rt5mpgq+SlbY4LbnoTbtzrzj/QK2HTm/TUQMN2K5arBPcHxIpR:v0+qdLboXtbj/N2zmsRarB6If
Static task: static1
Behavioral task: behavioral1
Sample: Satoshimines Bot v.1.5/Satoshimines Bot v.1.5.exe
Resource: win7-20240221-en
Malware Config

Extracted family: darkcomet
Campaign ID (DarkComet SID): Guest16
C2: lisa000.hopto.org:1606
Mutex: DC_MUTEX-Q6C5RK4
gencode: f2TScExw93wd
install: false
offline_keylogger: true
persistence: false
Targets

Target: Satoshimines Bot v.1.5/Satoshimines Bot v.1.5.exe
Size: 828KB
MD5: 3cc0ae207c7597abbe76ba8d60465d00
SHA1: 1117b9cc9ffeb6b1ae95c97c5dd00bf024d24749
SHA256: e2f3cafdafc0f70cdde815608b64021924b0f692b3eeeebaf21f43170d842697
SHA512: 23ffddaad4e792e6968e84b96a44dccca3b761edc3d09c95d69da5fbfb046f3687368f70a6d606f2311676c9aa7861d38555ca5c6c9e619a85eea9e7352abdd5
SSDEEP: 12288:/nugCZKX4u2O1jUQLl4xohDzKi/WwYvcBwg61ikvvA33cBU7keVZ:2gCQXFFLl44DWPcBwg6osvA3x7kAZ
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
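The extracted DarkComet configuration and the Winlogon signature above can be turned directly into detection logic. The Python below is an added example and is not part of the sandbox report or of the sample: only the C2 host:port and the mutex come from the report; the event records, the Winlogon registry values and the assumed stock Userinit/Shell defaults are constructed here for illustration. Two caveats a practitioner should keep in mind: lisa000.hopto.org is a dynamic DNS name, so the C2 is matched on the hostname rather than on a resolved address that will change; and the config reports install and persistence as false while the behavioural signature still flags a Winlogon modification, so the registry check is worth running regardless of what the config claims.

```python
"""Detection logic built from the DarkComet config in the report above.

Added example, not from the sandbox report. Only C2 host:port and the
mutex are taken from the report; all events, registry values and the
Winlogon defaults below are constructed for illustration.
"""
import re

# Indicators taken from the extracted config.
C2_HOST = "lisa000.hopto.org"
C2_PORT = 1606
SAMPLE_MUTEX = "DC_MUTEX-Q6C5RK4"

# DarkComet builds name their mutex DC_MUTEX- plus a short random suffix,
# so a pattern match catches other builds of the family, not just this one.
DARKCOMET_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{6,8}$")

# Assumed stock values of HKLM\...\Winlogon Userinit and Shell. Anything
# beyond these is the kind of change the report's Winlogon signature flags.
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}


def match_event(event):
    """Return the reasons (possibly none) an event matches the indicators."""
    hits = []
    kind = event.get("type")
    if kind == "dns":
        # Dynamic DNS: match the queried name, never a cached IP.
        if event.get("query", "").lower().rstrip(".") == C2_HOST:
            hits.append(f"dns query for C2 host {C2_HOST}")
    elif kind == "conn":
        if event.get("dst_name", "").lower() == C2_HOST:
            port = event.get("dport")
            note = " (configured C2 port)" if port == C2_PORT else ""
            hits.append(f"connection to {C2_HOST}:{port}{note}")
    elif kind == "mutex":
        name = event.get("name", "")
        if name == SAMPLE_MUTEX:
            hits.append(f"sample mutex {SAMPLE_MUTEX}")
        elif DARKCOMET_MUTEX_RE.match(name):
            hits.append(f"DarkComet-style mutex {name}")
    return hits


def scan_events(events):
    """Return (index, reasons) for every event that matched."""
    results = []
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if hits:
            results.append((i, hits))
    return results


def winlogon_extras(values):
    """Return Userinit/Shell entries that are not in the assumed defaults."""
    extras = {}
    for key, default in WINLOGON_DEFAULTS.items():
        expected = {p.strip().lower() for p in default.split(",") if p.strip()}
        found = [p.strip() for p in values.get(key, default).split(",") if p.strip()]
        unexpected = [p for p in found if p.lower() not in expected]
        if unexpected:
            extras[key] = unexpected
    return extras


# Constructed telemetry; not from the report.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "lisa000.hopto.org."},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "conn", "dst_name": "lisa000.hopto.org", "dport": 1606},
    {"type": "conn", "dst_name": "lisa000.hopto.org", "dport": 443},
    {"type": "mutex", "name": "DC_MUTEX-Q6C5RK4"},
    {"type": "mutex", "name": "DC_MUTEX-AB12CD3"},
    {"type": "mutex", "name": "Local\\ZonesCounterMutex"},
]

# Constructed Winlogon values with one extra Userinit entry appended.
SAMPLE_WINLOGON = {
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\lab\AppData\Roaming\svc.exe",
    "Shell": "explorer.exe",
}

if __name__ == "__main__":
    for idx, reasons in scan_events(SAMPLE_EVENTS):
        print(idx, "; ".join(reasons))
    print(winlogon_extras(SAMPLE_WINLOGON))
```

On a live Windows host the Userinit and Shell values would be read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; here they are passed in as a dict so the check runs anywhere. The connection rule matches any port on the C2 host and only annotates the configured port, since a DarkComet operator can change the port without changing the dynamic DNS name.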