General
Target: cf1e4ffeefc80f972eca5e3b400bb73e_JaffaCakes118
Size: 1.1MB
Sample: 241206-1c5gbayles
MD5: cf1e4ffeefc80f972eca5e3b400bb73e
SHA1: bdbf9b01d3b2437028bab253b8f3968d7f5ca3fd
SHA256: f54e1036646ce191b56cd9984c875080a16aedd614777592ec677921c4730477
SHA512: b649016cc3f589be3b7b3da5e1e5bceba2b7ad74b5332a6700260d89ed286c4d7128f7b55db31c4d773218f8840280d9d6e6f38f1d9651dcf83e42d695a65a21
SSDEEP: 24576:YRmYkcoQricOIrxiZY1iapYfsp0pMNJA:dYZoQrbT8ZY1iapMsSWJ
Static task: static1
Behavioral task: behavioral1
Sample: cf1e4ffeefc80f972eca5e3b400bb73e_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config
Extracted
darkcomet
SLaves
azerbajen.zapto.org:3267
DCMIN_MUTEX-5DCVJ72
gencode: fwaP1gw7o42f
install: false
offline_keylogger: true
persistence: false
Targets
Target: cf1e4ffeefc80f972eca5e3b400bb73e_JaffaCakes118
Darkcomet family
Adds Run key to start application
Suspicious use of SetThreadContext