General
Target: 7d6816ca8761c9611542c326105efbbf_JaffaCakes118
Size: 708KB
Sample: 240731-wk1qwa1cnh
MD5: 7d6816ca8761c9611542c326105efbbf
SHA1: 8ad553cd6ee105cf6050b8017ecf88319fc4ff8c
SHA256: f37dc2aab4817b85c6b2caf9c5ed0790d4613fd9248207c7c37270c13aafed4c
SHA512: 3d62ec55922034b43828ad2232b89b72db0a08af7bcff1047ed27c6174f18ddb6e76f7433584e02e548abcdd2eb77d143ef8d3dce744fc18d667a2d85764b853
SSDEEP: 12288:GkgiBS7Q7MKrOtxf+zbp6+rZg5vqxsIM3Ep5DPEL1Corj5pRXQhYuRv86:ZV8U7MVxIFbZgpqfR5o3j5PACyj
Static task: static1
Behavioral task: behavioral1
Sample: 7d6816ca8761c9611542c326105efbbf_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
mynet.m3th.org:8745
DC_MUTEX-2AE3ZR7
gencode: MRTgxCEg0e7q
install: false
offline_keylogger: true
persistence: false
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext