General
Target: 98be4a078bac66fff3d1c0973e7c5fb2_JaffaCakes118
Size: 1.9MB
Sample: 241125-c9c7bsznhj
MD5: 98be4a078bac66fff3d1c0973e7c5fb2
SHA1: bf929da0eece286d16344b14c8ddc0303ce66b50
SHA256: adecfb84e4b9cacb643a9431a47b4bdb90fbd24efa470e63aba91306c6e126a3
SHA512: dd61fd686db033221da3129ab9232aaebfdb43940b229e2bdab7e266370a1a054ed84538e8c60aac2cb01ced418a6afdd03521234b75c1923a10cb03ec7201c1
SSDEEP: 49152:pJZoQrbTFZY1iaqxp3Faa98sCv+ec4NwZnKmOZ:ptrbTA1G4+eaVZOZ
Static task: static1
Behavioral task: behavioral1
Sample: 98be4a078bac66fff3d1c0973e7c5fb2_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config
Extracted
darkcomet
Guest16
aqo.no-ip.info:1604
DC_MUTEX-F54S21D
gencode: F31VgHVHZnQ6
install: false
offline_keylogger: true
persistence: false
Targets
Target: 98be4a078bac66fff3d1c0973e7c5fb2_JaffaCakes118
Darkcomet family
Adds Run key to start application
Suspicious use of SetThreadContext