General
-
Target
795524a907a4dbc2da64cd1adc05a937_JaffaCakes118
-
Size
911KB
-
Sample
240730-vppnqstflb
-
MD5
795524a907a4dbc2da64cd1adc05a937
-
SHA1
6e9c7a36893a4a99bfba6a70370a735f68feb776
-
SHA256
b6d774f32aeef2ca1da256b632e71d4c05d0e2a185c8caafbe1b145cf0cdf89d
-
SHA512
52814ca0421defcebce1271d8f28e84d84b82a187de42bc90950c8a7912300a41b7be6654842c767f1a3582eebd6dbbad6f46d88ce48872c5211d34eb0a5e702
-
SSDEEP
12288:lBOfsQoumCC4WnqLdsNm/CahWxn8rQdjU2zQiWfLFTmEyuPXe6N+x3/Ds4IM:lBQsQbmSMqLY9Lxn8ruKbTmEyQ+x3d
Static task
static1
Behavioral task
behavioral1
Sample
795524a907a4dbc2da64cd1adc05a937_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
rstown123.no-ip.biz:3081
127.0.0.1:3081
DC_MUTEX-RMDNQLX
-
gencode
xglDrK2gwChT
-
install
false
-
offline_keylogger
false
-
password
180125
-
persistence
false
Targets
-
Target
795524a907a4dbc2da64cd1adc05a937_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-