General
-
Target
11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118
-
Size
711KB
-
Sample
240626-l6dhcszard
-
MD5
11a045b6b809c60cf7dd66e88f78c6f5
-
SHA1
4d7724ac49fd2bf7db7804fe31484b9e7a7be470
-
SHA256
9587d1280f902814a977f5f836d97e8327b98d7848b2e4e653774ffb62b4d298
-
SHA512
3948fa93f98c2b31b14fbce025c433378dfdeb17044c82106c9f42d841aecd73f05cd120cbf4b969ce07ead5ed2fcb2993faffcd840aa0d1abf3708d316a6565
-
SSDEEP
12288:i+2hYTMcLBzn7H0Hjnu/qNUbypFDMjLl3g6400QXonT4Fc/IoRT85EgwG3U30s7n:i+sYTBBz7HcDu8U2zAjLRK0jERmEKC7n
Static task
static1
Behavioral task
behavioral1
Sample
11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
blah
cyberprodigy.no-ip.org:1337
DCMIN_MUTEX-JDW4X1E
-
gencode
N8tcBB7ZycTr
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-