General
Target: 6d7347e903d7ed1465b03fe414932940_JaffaCakes118
Size: 313KB
Sample: 240725-axpy9axalq
MD5: 6d7347e903d7ed1465b03fe414932940
SHA1: 348d1922f49153b715aa8e78cfacec9f315c1215
SHA256: e0bf510264960c3ab3155aa02037f9f60e67a632e9e2feefd44e13fc425618d1
SHA512: 93af3cd8a14d94ee284f6fdeed64af2f70127d0fb0eae26b69eb8dced2fc14bedd4eaef98ac3025fa81e9b6257fd0ccf2fa8a1ca6246129b832effe1bc028575
SSDEEP: 6144:/JRbTrZgngKutvNmvj6545Ax3FpkhYBVEnlj+UMZfyLI7TUKd4z:BR/N50vj6iO1p6YBVEnlSU6fy+Tg
Static task: static1
Behavioral task: behavioral1
Sample: 6d7347e903d7ed1465b03fe414932940_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
existencepowa.no-ip.info:1604
DC_MUTEX-W0CR02Y
gencode: icTdDYhoCJhM
install: false
offline_keylogger: true
persistence: false
Targets
- Renames multiple (187) files with added filename extension
  This suggests ransomware activity: encrypting files across the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext