General
-
Target
96ab2d958032ed31e4c4a9cc17b0a189_JaffaCakes118
-
Size
1.0MB
-
Sample
240814-sx28pavcrp
-
MD5
96ab2d958032ed31e4c4a9cc17b0a189
-
SHA1
87d4306467f4921813ffab0f2403ba9b15d89d57
-
SHA256
620750ba49718905eecc153a16cb5c11427c945e4a126873b789f2c2f111e9e8
-
SHA512
c7bf4bbe319367b2fd44a8601b815211fd7be8e63f22e6230980f383117f5f44329e7cbb17f55ac14b3a488a92e470baee6f99670b8d1fcd0a8575fb162ab206
-
SSDEEP
12288:8lyOEIzifoEqqx2XcLnsYRg87cvCPAq3djaCRvUXC9KykRvWIb0aeeXXR+oGElkb:lAXOsH6raCSXC9ZQb0beRbGFz+BO/
Static task
static1
Behavioral task
behavioral1
Sample
96ab2d958032ed31e4c4a9cc17b0a189_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
apexdc.zapto.org:1604
DC_MUTEX-PFS0EXK
-
gencode
5ouYPzE4Twyj
-
install
false
-
offline_keylogger
true
-
password
ujeucm6296
-
persistence
false
Targets
-
-
Target
96ab2d958032ed31e4c4a9cc17b0a189_JaffaCakes118
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-