General
- Target: 986eb9bcb3d302e50d0f7d49c145873f_JaffaCakes118
- Size: 939KB
- Sample: 240815-bxgtbaseqp
- MD5: 986eb9bcb3d302e50d0f7d49c145873f
- SHA1: ab36ae214c653d7bcb5031eda9ebbfbdafbb8b45
- SHA256: 362afceca2f381a7da055c2abd638bb8e2286358a70279bbf6fdb79f90e60733
- SHA512: b7837266359f822bcaa0bd6f5868315d5b0756fe7005bc9ebb4ba70515c21bd2303a43ee3c23daf92b5d766fc254686422ec1ce000a3716861e35d29f29078b1
- SSDEEP: 24576:qQ6NbCTaG2JH7/aK8Ll8DTwhqB0qPxWxWx2z:UCmG2JbSCTWWWYs

Behavioral task
- behavioral1
- Sample: 986eb9bcb3d302e50d0f7d49c145873f_JaffaCakes118.exe
- Resource: win7-20240708-en

Malware Config
Extracted: darkcomet
- Guest16
- 127.0.0.1:1604
- DC_MUTEX-J3YCHVQ
- gencode: g6LYn1Rea157
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 986eb9bcb3d302e50d0f7d49c145873f_JaffaCakes118
- Size: 939KB
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger