General
-
Target
c4b042271c25b19cc8b2d36a8e17ea44_JaffaCakes118
-
Size
589KB
-
Sample
241204-2kyt6s1jhj
-
MD5
c4b042271c25b19cc8b2d36a8e17ea44
-
SHA1
c9ce05f7b6efb1adec66b1e99eb09dedeae07475
-
SHA256
7e66a26a7a2a2265ac8853903dc4c56a0a1a83c0de23ea9b54980f1858eb2789
-
SHA512
b5c589aa5850ef0fa8c7e5e4dcf1a9e0ed12ee4130e09ddc6ede3e17018bff00fddf043f7a2871bd23a18f45bb62e4eb0aeb603d214ee9148f917e21a13fc5d5
-
SSDEEP
12288:9ffLtEIQIu7k5sscLsD5iZqHyscNExmj1NT5BzYQR8NxOz8Y5oSU:9fTOIQIu7k5DzvLxm5Bl8sk
Behavioral task
behavioral1
Sample
c4b042271c25b19cc8b2d36a8e17ea44_JaffaCakes118.exe
Resource
win7-20241023-en
Malware Config
Targets
-
Target
c4b042271c25b19cc8b2d36a8e17ea44_JaffaCakes118
-
DarkComet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments: the hypervisor's BIOS strings (for example those of VirtualBox or VMware) are exposed under HKLM\HARDWARE\DESCRIPTION\System.
-
Checks computer location settings
Looks up the country code (GeoID) configured in the registry under HKCU\Control Panel\International\Geo, likely a geofence check.
-
Executes dropped EXE
A file the sample wrote to disk is later started as a process.
-
Loads dropped DLL
A file the sample wrote to disk is later loaded as a library.
-
Adds Run key to start application
Persistence: a value under ...\Microsoft\Windows\CurrentVersion\Run starts the application at logon.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register set, including its instruction pointer; used on a thread of another (typically suspended) process it is the classic step of RunPE-style process hollowing.
-
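To make the signatures above checkable outside the sandbox, the following is an added Python example that is not part of this report or of the Triage tooling. It applies the same behavioural rules to a constructed API-call trace: the trace record format, the process IDs, the file names and the `analyze` function are assumptions for illustration; only the registry paths are real Windows locations.

```python
"""Re-derive the report's behavioural signatures from an API-call trace.

Added example, not sandbox output. Registry paths are real Windows
locations; the trace format, PIDs and file names are constructed.
"""
import re
from typing import Dict, List

BIOS_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion",
               "systemmanufacturer", "systemproductname"}
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Strings a hypervisor typically leaves in the BIOS values above.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "xen", "bochs", "parallels")

DROP_DIR = r"C:\Users\Admin\AppData\Roaming\update"   # constructed path

# Constructed trace. Keys are given as resolved paths and SetThreadContext
# carries the target PID: both are sandbox conventions assumed here, the real
# APIs take handles.
SAMPLE_TRACE = [
    {"pid": 1204, "api": "RegQueryValueExW", "args": {
        "key": r"HKLM\HARDWARE\DESCRIPTION\System",
        "value": "SystemBiosVersion", "data": "VBOX   - 1"}},
    {"pid": 1204, "api": "RegQueryValueExW", "args": {
        "key": r"HKCU\Control Panel\International\Geo",
        "value": "Nation", "data": "244"}},
    {"pid": 1204, "api": "WriteFile", "args": {"path": DROP_DIR + r"\update.exe"}},
    {"pid": 1204, "api": "WriteFile", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"pid": 1204, "api": "CreateProcessW", "args": {
        "image": DROP_DIR + r"\update.exe", "flags": "CREATE_SUSPENDED"}},
    {"pid": 1204, "api": "SetThreadContext", "args": {"target_pid": 1337}},
    {"pid": 1337, "api": "LoadLibraryW", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"pid": 1337, "api": "RegSetValueExW", "args": {
        "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "value": "update", "data": DROP_DIR + r"\update.exe"}},
    # Benign records that must not trigger anything:
    {"pid": 1337, "api": "RegQueryValueExW", "args": {
        "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
        "value": "AppData", "data": r"C:\Users\Admin\AppData\Roaming"}},
    {"pid": 1337, "api": "CreateProcessW", "args": {
        "image": r"C:\Windows\System32\notepad.exe", "flags": ""}},
    {"pid": 1337, "api": "SetThreadContext", "args": {"target_pid": 1337}},
]


def analyze(trace: List[dict]) -> Dict[str, List[int]]:
    """Map each triggered signature name to the indices of the records that fired it."""
    hits: Dict[str, List[int]] = {}
    dropped = set()  # lowercased paths the sample wrote, tracked across processes

    def hit(name: str, index: int) -> None:
        hits.setdefault(name, []).append(index)

    for i, rec in enumerate(trace):
        api, args = rec["api"], rec.get("args", {})
        key = args.get("key", "")
        value = str(args.get("value", "")).lower()
        data = str(args.get("data", "")).lower()
        if api == "RegQueryValueExW" and BIOS_KEY.search(key) and value in BIOS_VALUES:
            hit("Checks BIOS information in registry", i)
            if any(marker in data for marker in VM_MARKERS):
                # The sample could see it is virtualised; later behaviour may be
                # conditional on this, so the rest of the trace is worth a second look.
                hit("VM marker visible in BIOS data", i)
        elif api == "RegQueryValueExW" and GEO_KEY.search(key) and value == "nation":
            hit("Checks computer location settings", i)
        elif api == "RegSetValueExW" and RUN_KEY.search(key):
            hit("Adds Run key to start application", i)
        elif api == "WriteFile":
            dropped.add(args["path"].lower())
        elif api == "CreateProcessW" and args["image"].lower() in dropped:
            hit("Executes dropped EXE", i)
        elif api == "LoadLibraryW" and args["path"].lower() in dropped:
            hit("Loads dropped DLL", i)
        elif api == "SetThreadContext" and args.get("target_pid") != rec["pid"]:
            # Rewriting a thread context in another process is the hollowing step;
            # touching a thread of the caller's own process is not flagged.
            hit("Suspicious use of SetThreadContext", i)
    return hits


if __name__ == "__main__":
    for name, indices in analyze(SAMPLE_TRACE).items():
        print(f"{name}: records {indices}")
```

Two caveats when porting this to endpoint telemetry: Sysmon does not record registry value reads, so the BIOS and Geo lookups are only visible in an API trace or with ETW registry tracing, and the "dropped" state must be kept across processes, because here the parent writes the DLL that the hollowed child later loads.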