General
Target: 67e6a67f5397c1ce77180f4d3cb51330_JaffaCakes118
Size: 1.0MB
Sample: 240723-rlsdnsvajp
MD5: 67e6a67f5397c1ce77180f4d3cb51330
SHA1: 367196dbdc09c295c6ec14dc3e983f810a0a7c55
SHA256: 47871bb9d548507aabbc7e8ad58350fbdee144bac33cb0e5853557e6cd79fb20
SHA512: 52b3a89376c47e5e92a831ace7ce8fceacbcddc38783adb8491506aadb6cdde7e0a02375e54f760cda2d5c88f474e90d1b4a561184ccfc867e4255cb90d3ef26
SSDEEP: 24576:R////cnaUnwZZ8ZEWzEKOltxADTjwE0k3Ui3ZB/:QtwMZpwxDWPSoUM
Static task: static1
Behavioral task: behavioral1
  Sample: 67e6a67f5397c1ce77180f4d3cb51330_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 67e6a67f5397c1ce77180f4d3cb51330_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted family: darkcomet
Campaign ID (SID): Hacked-nac
C2: city972.no-ip.biz:1550
Mutex: DC_MUTEX-C2BT3Z0
gencode: RlFJw1nz9gDT
install: false
offline_keylogger: true
persistence: false
Score: 10/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext