General
-
Target
d78dafe49116f809d7b69cc4e28d59bd_JaffaCakes118
-
Size
1.6MB
-
Sample
240910-ehzmcswaqp
-
MD5
d78dafe49116f809d7b69cc4e28d59bd
-
SHA1
79fff69dbd37cdf1a787f065a2da6ad60fd89900
-
SHA256
acf313d1a705f3de1430dd0056c424417508c84cfce28beaaa8bced4e15e751b
-
SHA512
fb9641d12b94beae324dc0ff7c634f555d3d7f5de21b2cce510eeb90dda2a26a31d776a499eaa0ef5dfa9e27532d5e65251ca244ab12d03892cf01b34f0894b6
-
SSDEEP
24576:CziEYxyUt70b7sTJb0HxP7kOw17mjIpn2KwJfV9:RV00p0RP75o6jUnxcfH
Static task
static1
Behavioral task
behavioral1
Sample
d78dafe49116f809d7b69cc4e28d59bd_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
hacked
sulumanco.duckdns.org:4000
DCMIN_MUTEX-5JGPC4U
-
gencode
PSXl8AA8UgHs
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d78dafe49116f809d7b69cc4e28d59bd_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-