General

Target: 7abce059de0e670f62c2f54a17b1b608_JaffaCakes118
Size: 341KB
Sample: 240731-bqkavstcjf
MD5: 7abce059de0e670f62c2f54a17b1b608
SHA1: 11dfefbf4b7ebf5a782306f01767db1dccc2ff47
SHA256: ae0f609a73fa287f0f63069b6b4c2d9a2ba6d41619bdab1b2f26930de4247fcc
SHA512: 1dd14672c90822eb87ad6f7122d5ffaf19f5a58c0d4c6166498b16d3e3b82e3642abc3c247d9436ace98942b656155bbb150062721099909b13ca4eb41114f23
SSDEEP: 6144:gyWABddALAHX4E/+NexHRJH9aEULwv9mpR+niWItgF8Yr6m:gqdWio/NmHrHMEUL3/IFLr6m
Static task: static1
Behavioral task: behavioral1
Sample: 7abce059de0e670f62c2f54a17b1b608_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config (extracted)

Family: darkcomet
Botnet ID: Guest16
C2: 109.167.96.17:1604
Mutex: DC_MUTEX-F54S21D
gencode: uv4QTrck2i1B
install: false
offline_keylogger: true
persistence: false
Targets

Target: 7abce059de0e670f62c2f54a17b1b608_JaffaCakes118
Size: 341KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures:
- Modifies firewall policy service
- Modifies security service
- Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Defense Evasion
- Impair Defenses (4)
  - Disable or Modify System Firewall (3)
  - Disable or Modify Tools (1)
- Modify Registry (2)