General
Target: 880b03ac5957cdf909b50a6516ff015b_JaffaCakes118
Size: 2.5MB
Sample: 240810-24zwksxcpe
MD5: 880b03ac5957cdf909b50a6516ff015b
SHA1: 58082d7d1601fd728c800c7ad075f27b71e1ec23
SHA256: b535694854b8d5b129a358ea8a088c46c32b4922db7d4f1e7cb4af3d4259181c
SHA512: 604e2038c57eb3e3a172779b2d6dfc2114b038c4997938804dc8960c219e8171750b9e914625b075ab580bba9571179a3f4128b25772bc2f4e3c1f718f26d6fd
SSDEEP: 49152:4cPGd/uIKufYJr+VoLpmSJy0rTm9BPW+YTOdue1Wdv+r8YQ41X:4aGw+VoLpmSk0rslWhb46gQ+X
Behavioral task: behavioral1
Sample: 880b03ac5957cdf909b50a6516ff015b_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16
C2: agmal.no-ip.org:1604
Mutex: DC_MUTEX-UZET8XQ
Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: QgvjjfxfTCCb
install: true
offline_keylogger: true
persistence: true
reg_key: crss
Targets
Target: 880b03ac5957cdf909b50a6516ff015b_JaffaCakes118 (2.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
Setting ThreadHideFromDebugger stops debug events from the calling thread reaching an attached debugger; it is a common anti-debugging technique.