General
Target: 67c9f1b0bf6b5d8ac8eb53c22dad5688_JaffaCakes118
Size: 717KB
Sample: 240723-qwmqhawara
MD5: 67c9f1b0bf6b5d8ac8eb53c22dad5688
SHA1: 2015915844759fee3d0a3069c93f9b28795ceb46
SHA256: 69b2a3b438e568feb73d429e1478588003d606f81a20b5174ea4e8fb75ebde4b
SHA512: 882769525f3d3c5e880b6d455989a2f508144391510c3b5758c3f2b91a3a2122f721d99ce95ac85c5b20266c1c52f35a38c95c610644603cdd95822e4a08ac8d
SSDEEP: 12288:FdcwXXPnn1Ygth9v3IKVRRuUUxCjdsb588/aL539Pe+mVdhRt+INt2WlJHmpR:FdRv7Xv3dufCjd5G2ne+mVdhrZNEws
Static task: static1
Behavioral task: behavioral1
  Sample: 67c9f1b0bf6b5d8ac8eb53c22dad5688_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 67c9f1b0bf6b5d8ac8eb53c22dad5688_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: darkcomet
  NewestFUD
  darkcometnotbs.no-ip.org:999
  DC_MUTEX-6K82Y6L
gencode: J2dlaWGFf8qj
install: false
offline_keylogger: true
persistence: false
Targets
Target: 67c9f1b0bf6b5d8ac8eb53c22dad5688_JaffaCakes118
Size: 717KB
MD5: 67c9f1b0bf6b5d8ac8eb53c22dad5688
SHA1: 2015915844759fee3d0a3069c93f9b28795ceb46
SHA256: 69b2a3b438e568feb73d429e1478588003d606f81a20b5174ea4e8fb75ebde4b
SHA512: 882769525f3d3c5e880b6d455989a2f508144391510c3b5758c3f2b91a3a2122f721d99ce95ac85c5b20266c1c52f35a38c95c610644603cdd95822e4a08ac8d
SSDEEP: 12288:FdcwXXPnn1Ygth9v3IKVRRuUUxCjdsb588/aL539Pe+mVdhRt+INt2WlJHmpR:FdRv7Xv3dufCjd5G2ne+mVdhrZNEws
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext