General
-
Target
5a6e527a69494606e9e61b4fe43b3f3c_JaffaCakes118
-
Size
952KB
-
Sample
240719-ewk15awalg
-
MD5
5a6e527a69494606e9e61b4fe43b3f3c
-
SHA1
28629d1e41f234554203f1d05b3763cc8248a1d7
-
SHA256
dbcdda836ac2a9ed12d5094f08aaec704f66f8a72638966a01042e67195034d1
-
SHA512
ceb825a64362c10b8a48a82f1cb66abc25b583f1f56a2441ae034a8b16395c20ea5a39100a2cf5e66a20e07fd7c512ea2da95133f701761317d0845f9522390a
-
SSDEEP
24576:DvQjkUNjV11LIg3oTn7PgJwA1v+dp2eyIUOQTM7bl:DooUN7JIKmcO4vRI7bl
Static task
static1
Behavioral task
behavioral1
Sample
5a6e527a69494606e9e61b4fe43b3f3c_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Extracted
darkcomet
Guest16
mw2511.no-ip.info:1604
DC_MUTEX-X5ZB8VS
-
gencode
wJ9iZPkp49th
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
5a6e527a69494606e9e61b4fe43b3f3c_JaffaCakes118
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-