General
-
Target
81d7da6337a9a90de315daf0a9b58ec6_JaffaCakes118
-
Size
952KB
-
Sample
240801-1mh13axejq
-
MD5
81d7da6337a9a90de315daf0a9b58ec6
-
SHA1
10ca19ebef6e00c205b94594d75c78579f27c77f
-
SHA256
bbe216179efc421544da9c7106a96fe38586a20307532895be55ffd053869f40
-
SHA512
9197c4222cfb2af26543d31b21cde22426029b6eaa9a27c59cd289128233540e4f330447a0c8990f3c9235d2cbdf7503a8bd6c28a07441140c7d950fe965febc
-
SSDEEP
24576:5xvY94DlNYwzezJdfkz91PHmM7+lzRAdiSdu9uyhq:HEK3CNkDGM72RiiyA
Behavioral task
behavioral1
Sample
81d7da6337a9a90de315daf0a9b58ec6_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
mrkxk.no-ip.info:4321
DC_MUTEX-Q9TKZAR
-
gencode
2fE0gqGHvbCn
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
81d7da6337a9a90de315daf0a9b58ec6_JaffaCakes118
-
Size
952KB
-
MD5
81d7da6337a9a90de315daf0a9b58ec6
-
SHA1
10ca19ebef6e00c205b94594d75c78579f27c77f
-
SHA256
bbe216179efc421544da9c7106a96fe38586a20307532895be55ffd053869f40
-
SHA512
9197c4222cfb2af26543d31b21cde22426029b6eaa9a27c59cd289128233540e4f330447a0c8990f3c9235d2cbdf7503a8bd6c28a07441140c7d950fe965febc
-
SSDEEP
24576:5xvY94DlNYwzezJdfkz91PHmM7+lzRAdiSdu9uyhq:HEK3CNkDGM72RiiyA
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-