General
-
Target
5e8b261b2ab99f06e77bf0d88f0a3c55_JaffaCakes118
-
Size
1.1MB
-
Sample
240720-b25qya1apk
-
MD5
5e8b261b2ab99f06e77bf0d88f0a3c55
-
SHA1
cb4e97d9da4d7af8a00bf1aaa936c4386ad1810a
-
SHA256
258a27f2673911f1eca57e5cc9dba3fe59aff1c1c5ce560657e33f7ede7e7814
-
SHA512
75084fceeed6b1f4fa8da3cc9a045fea02c346463fdc83588cdef45020baec0675d17f7beec2dcdf082d536bac1e65091d00a3cc282662691d2763c62d1e9318
-
SSDEEP
24576:0QngjbzyTN3kxvztTIlQgRE1VsozgTJ4m1FuX6ASxly3sh5:0QsKyxvZgmrlkTJ4+FuX9cz
Behavioral task
behavioral1
Sample
5e8b261b2ab99f06e77bf0d88f0a3c55_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
m20sh9.no-ip.org:1515
DC_MUTEX-F54S21D
-
gencode
HkfdS0LdKkgi
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
5e8b261b2ab99f06e77bf0d88f0a3c55_JaffaCakes118
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-