General
-
Target
92969ef07da41e4f6d640abe8386cce2_JaffaCakes118
-
Size
1003KB
-
Sample
240813-ly5a4s1hqq
-
MD5
92969ef07da41e4f6d640abe8386cce2
-
SHA1
4561685b1c9c2bc96caf825ea2c0a6e346cb7b32
-
SHA256
b8e5176b23d7cf38feeb9a1839a37ce1a51ed3b958c81db7c70b4b4e63239c72
-
SHA512
72e009884dde9cebac8494b341bb8d4df6377d353284aaf5604afeb295af6f7bffc9c83c52fad1f6b7c8b57d7cf4a4a6c60375bcc32e398720c6821c255f8c56
-
SSDEEP
12288:igxnEybYDzia5HqVG2Xc9cRYBfoozHwC1qgdB/Cfv2XyTkKORtRWAsENB0GSEMkR:zB9XHR0Q4/CGXyTn7AsENBprMM9
Static task
static1
Behavioral task
behavioral1
Sample
92969ef07da41e4f6d640abe8386cce2_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
xkillerxserver.no-ip.biz:1604
DC_MUTEX-099JU55
-
gencode
r8wb6y83hZmw
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
-
Target
92969ef07da41e4f6d640abe8386cce2_JaffaCakes118
-
Size
1003KB
-
MD5
92969ef07da41e4f6d640abe8386cce2
-
SHA1
4561685b1c9c2bc96caf825ea2c0a6e346cb7b32
-
SHA256
b8e5176b23d7cf38feeb9a1839a37ce1a51ed3b958c81db7c70b4b4e63239c72
-
SHA512
72e009884dde9cebac8494b341bb8d4df6377d353284aaf5604afeb295af6f7bffc9c83c52fad1f6b7c8b57d7cf4a4a6c60375bcc32e398720c6821c255f8c56
-
SSDEEP
12288:igxnEybYDzia5HqVG2Xc9cRYBfoozHwC1qgdB/Cfv2XyTkKORtRWAsENB0GSEMkR:zB9XHR0Q4/CGXyTn7AsENBprMM9
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-