General
-
Target
620af7b60cd12d45630c8d254c158139_JaffaCakes118
-
Size
704KB
-
Sample
240722-arg2fsvdrn
-
MD5
620af7b60cd12d45630c8d254c158139
-
SHA1
e8376adb5c5824c48cb73a0205ff567232e813eb
-
SHA256
ead0fc8e813f6db3cf84cee547be2f6f1c9f03b606421c736f11c062937c3dc9
-
SHA512
9d5d7e44a4066dec8b0795310720a5da432e1b8582eb9a9e79a60889540effd4cff3a4d2781237aee71515b580b86f163de51960f49b78c3e5f8867c4728800b
-
SSDEEP
12288:M7pgQNvpFBNpQQqiR7RD3rvPFz/drQtQl2G+ot9PlHY6hRxuU00:M3NvVNqXiRRrHrB2GLl1M3
Static task
static1
Behavioral task
behavioral1
Sample
620af7b60cd12d45630c8d254c158139_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
avec_dns
dark-sam.no-ip.org:1604
DC_MUTEX-E99E03J
-
gencode
q4T9jpjHRf00
-
install
false
-
offline_keylogger
true
-
password
180818sa
-
persistence
false
Targets
-
-
Target
620af7b60cd12d45630c8d254c158139_JaffaCakes118
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-