General
Target: cc2f7185c6f4fb6308920d5a5676a600_JaffaCakes118
Size: 718KB
Sample: 241206-k4weqawkfl
MD5: cc2f7185c6f4fb6308920d5a5676a600
SHA1: 2b5d0eb8e5cd4f76b3504e5011d8eed711c9fcb5
SHA256: fba9123755068d98735d9c5a00d99abd57a90acaccce9b1a0549c1aeb76613dc
SHA512: ffa55b7d96a57213c98374332d26463b9779bcaff52a509df9e523f8e4171770859666bcf07a7215c4c31941269c8d4d89f142d04df8337d7ff174859bf7c67a
SSDEEP: 12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6m:b8p2goysF4taCgVRdiNlOQF309
Static task: static1
Behavioral task: behavioral1
Sample: cc2f7185c6f4fb6308920d5a5676a600_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: darkcomet
fo
127.0.0.1:1010
46.39.230.61:1010
DC_MUTEX-PR2UBLF
gencode: ovcHaFsW9bRT
install: false
offline_keylogger: true
persistence: false
Targets
Target: cc2f7185c6f4fb6308920d5a5676a600_JaffaCakes118
- Darkcomet family
- Modifies security service
- Disables RegEdit via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL