General
Target: 7f21fde877be1b7c23224ae5d8d96cae_JaffaCakes118
Size: 811KB
Sample: 240801-etw1lswbmd
MD5: 7f21fde877be1b7c23224ae5d8d96cae
SHA1: 341ff0dcb29963d2786005b78e2989353038aab0
SHA256: f796639bdade2f187651908be00a29dfca3a6ee5654dc2bc1defc1a02e3123e0
SHA512: 60ed0e5b847a024a13f9ddabbb3ab38cf035c7df5da5f8f7b1e6779221da7cc9afca52144693031841ec8821f688061c950970b23f5b680e841e6c1c0b413c75
SSDEEP: 12288:aRI74YVALgQfYf8qxnSJndiTgSs0ipnwgypD6P8WZycDx0+u7zpgZRDo/:aRC4YVA8QEt5gCsTwD6Ulcu/uZRDo
Static task: static1
Behavioral task: behavioral1
Sample: 7f21fde877be1b7c23224ae5d8d96cae_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 7f21fde877be1b7c23224ae5d8d96cae_JaffaCakes118.exe
Resource: win10v2004-20240730-en
Malware Config
Extracted: darkcomet
Botnet: Guest16_min
C2: sourisdagneau.zapto.org:1702
Mutex: DCMIN_MUTEX-PB8TK76
gencode: CLp9ijrAtWzK
install: false
offline_keylogger: true
persistence: false
Extracted: latentbot
C2: sourisdagneau.zapto.org
Targets
Target: 7f21fde877be1b7c23224ae5d8d96cae_JaffaCakes118
Signatures
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext