General

Target: 99845f856f924384f7dd5197fd29137d_JaffaCakes118
Size: 1.3MB
Sample: 240815-j6rnwatalh
MD5: 99845f856f924384f7dd5197fd29137d
SHA1: 252295035a411925232cff11d97f5e67c4847e52
SHA256: dfd22018f391695de3436e68005881f24cb84f1bdc9c0eb5e42600ebca94df7f
SHA512: 8471b02edcd1985663990288235a98e5750ef75603c8e0eba084bb95791e1b867e9069c9d5047cba39baad72e5399ba9b3305df515493d9b40ad7f2aafd0e8ee
SSDEEP: 24576:BP5VaIZE/4AtPhapwzHXddGXoVOYzA7uN3OrdJ:B2IZEnaerX3go1zjN3OZJ

Static task: static1
Behavioral task: behavioral1
Sample: 99845f856f924384f7dd5197fd29137d_JaffaCakes118.exe
Resource: win7-20240705-en

Malware Config

Extracted family: darkcomet
Botnet/campaign ID: Guest16
C2: pvcoolio.no-ip.biz:1604
Mutex: DC_MUTEX-F54S21D
gencode: 2xgNmjalb1Py
install: false
offline_keylogger: true
password: 123456
persistence: false
Targets

Target: 99845f856f924384f7dd5197fd29137d_JaffaCakes118
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext