General
-
Target
832ba48b173a9e9b47be20ec969abc8f_JaffaCakes118
-
Size
1.1MB
-
Sample
240802-fx1nmsxglq
-
MD5
832ba48b173a9e9b47be20ec969abc8f
-
SHA1
0245f27ffbb0614f7e2cb74dd15a640831533173
-
SHA256
3173db4450adccb8b91494e9d85112fbf3bcf5378d2c78aca0685053d6bac104
-
SHA512
c7b8266ccaf73287c0af8024fffb3ba27c68800a3a4ff304deb1c50d6e814b91f860d1d609c32238c01a1ced7d2de03dc5aa43dcce509f32bc7ef177ff69589d
-
SSDEEP
12288:IcF18NtKGVcGYBg5IZ8cGjjiZOHfaM2nmA+KECqPUPY6Cx0/VHFJvvBU+dA4Qgx:BFPdBg5fci/qxEBT2NvdAm
Behavioral task
behavioral1
Sample
832ba48b173a9e9b47be20ec969abc8f_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-46VFR27
-
gencode
5Ad9NjhAabCv
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-