General
-
Target
60abe6287ed79eac69dbdf5bbbe56f71_JaffaCakes118
-
Size
900KB
-
Sample
240721-qt4agavarm
-
MD5
60abe6287ed79eac69dbdf5bbbe56f71
-
SHA1
cb4bbf6abeec61f65066096e2d3b30bbd7db7ee1
-
SHA256
f9883c48df58c3670bf30c68c6a2a6241411c83e43a1aea0388e01242a01b688
-
SHA512
dda42cd6e5d671c697e417571c90e586274d99f4ac9c3996ecb053de38fddc41d59eb79d408214c25e7681b419209f9f97297fe744bb5720db61eef2de51bc61
-
SSDEEP
24576:R0nSSgGlXP1328fmHZRj9lPN8f/rdA8wO:R0nSSl91ulVKt
Static task
static1
Behavioral task
behavioral1
Sample
60abe6287ed79eac69dbdf5bbbe56f71_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
60abe6287ed79eac69dbdf5bbbe56f71_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
darkcomet
bot
212.7.208.77:1604
DCMIN_MUTEX-VU3YMGD
-
gencode
9R6PZ1XMcL4g
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
60abe6287ed79eac69dbdf5bbbe56f71_JaffaCakes118
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-