General
-
Target
66ca9bc0164c71828de8c621f6f5d686_JaffaCakes118
-
Size
736KB
-
Sample
240723-j46d9axalm
-
MD5
66ca9bc0164c71828de8c621f6f5d686
-
SHA1
6adb12fb6dce933039908fbd729483d99663d8ef
-
SHA256
438dff2661df9500aabba12b6420ae02f6dd8679c0818a9f47d14681cb3cb834
-
SHA512
613941bdbe314d8f68ff68de2346de309fd229667bd8b4fcd6d4c1f9eb6b233b5c65cda6fde08b77addda4a67b7d8eff2e8b2e32ba5c0554cf5c7b730445434b
-
SSDEEP
12288:ReEViAhLrd6wS3dT0UmII0EDudAVkeeglrI2s+LfQndQnXzQ48LDI/JnRpJspkQQ:VViePdTANmIj3ElsP+L2iXzQpq1bJf1n
Static task
static1
Behavioral task
behavioral1
Sample
66ca9bc0164c71828de8c621f6f5d686_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Shell
internetlogger.no-ip.org:3174
DC_MUTEX-MJVY139
-
gencode
PQ93Ux15jXRd
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Target
66ca9bc0164c71828de8c621f6f5d686_JaffaCakes118
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-