General
Target: 5e73e742dff9f01a03a17e813347ceb4_JaffaCakes118
Size: 1.1MB
Sample: 240720-bjnppstakg
MD5: 5e73e742dff9f01a03a17e813347ceb4
SHA1: 1b70f145455c4cc008b922cf0b1845ac073f7b18
SHA256: 63fcc0fd7a9e678487ea99140b515b651ba764cb82fe6abbb75ef9b959cef15d
SHA512: b29dfdae65b63e3c90da38648c07a597fd65cb753f486f33f177408a75b517d27a47047bff6c51e1e53eb8b557a1695fa8961598d6a6061e15d0ef89a734a649
SSDEEP: 24576:a4NEGIJYpSMAwWhC3VZe8Np9p1X5MAuUl:rFgMAwWhCL59p1+cl
Behavioral task
behavioral1
Sample: 5e73e742dff9f01a03a17e813347ceb4_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
Guest16
alsarab9a.no-ip.org:8484
DC_MUTEX-WTXU9WC
gencode: tMMhmTDtfC6t
install: false
offline_keylogger: true
persistence: false
Targets
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext