General
-
Target
6713143bff2698120466897c617714b6_JaffaCakes118
-
Size
436KB
-
Sample
240723-lrrfnszanb
-
MD5
6713143bff2698120466897c617714b6
-
SHA1
7b280a01ebef171aa565c348201f5c53477c7800
-
SHA256
60dbdec0ec25f470df6e9ab29e445c100be65364067b7e74c6c95d484e278557
-
SHA512
9de4a7d51cb846e775ffdacd86e4d511ca6d170fc5d0ef230548619a81a2aeb678c5bcb91e910a63af9b2c23f4bbd1bec85d4f76bdd6a70f6e6e3d199984f60c
-
SSDEEP
12288:fxlpLnAXramRWX8bZAMMAPkvs5gDmMmabt7X9Rhj:fXpLZ4Cj44t7X9R
Static task
static1
Behavioral task
behavioral1
Sample
6713143bff2698120466897c617714b6_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
TUBBY
24.21.77.148:1604
24.21.77.148:8080
DC_MUTEX-8KN114X
-
gencode
zcNk1kGyyC30
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
6713143bff2698120466897c617714b6_JaffaCakes118
-
Drops file in Drivers directory
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-