General
-
Target
7cfc2e8592972337a1a0b83343021e58_JaffaCakes118
-
Size
687KB
-
Sample
240731-s4qs8s1cnr
-
MD5
7cfc2e8592972337a1a0b83343021e58
-
SHA1
b21a87a45c71b5ceb4baee6677aab56ff3121dcb
-
SHA256
c31db88d84c7354d133632b9f8353be4b2c72c3a6afbd96bbea7c375c54b2edb
-
SHA512
0ec101287b7ec11f00e4540a024afd1553804fa2bcfab7cc148d1ce2abd6a3556078722b7bc0abe3e7d2b58a8e57295f9b20c4748f497771a7e7072833c67800
-
SSDEEP
12288:wHU5IQOEPuR1jxV+9AtjyHzv1BUceUdCV9+rC3t/rZgVdocRJy9mn58Wxp3kVchg:wHU5VOEP0r1tqMQQVMrCtGYIJq8JMVc6
Static task
static1
Behavioral task
behavioral1
Sample
7cfc2e8592972337a1a0b83343021e58_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
darkcomet
Guest16
gharibb5.no-ip.biz:100
DC_MUTEX-S6HBPMU
-
gencode
8KrEytga6ZnT
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
7cfc2e8592972337a1a0b83343021e58_JaffaCakes118
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-