General
Target: cc3f65c0563e924334171c34739b93a1_JaffaCakes118
Size: 406KB
Sample: 241206-lc7jcazrdt
MD5: cc3f65c0563e924334171c34739b93a1
SHA1: 57a2c69cabe40bf0029659ec85b7973a5b66cb60
SHA256: f8a84bf759c8278809dc27249a20fa793b79e3143e6c5eeddab71fc551851a64
SHA512: 6891469562eb8db984370a90c56a903c6da70dad4774ba0107f235351a2fbc8f448f6259f42e0b1f68742d8d06b889d8ed79bd1bf676dff9668cb316393adb9e
SSDEEP: 12288:OA7Z754T7Yx9Zg9FwKAFq20/Q4QaXCptDl1nSf:OA7N5G7X9DAFqdoQSpt
Static task: static1
Behavioral task: behavioral1
Sample: cc3f65c0563e924334171c34739b93a1_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
darkcomet
mike1
hack222.no-ip.org:9999
DC_MUTEX-6FY2DLH
gencode: GojiebcNvf2x
install: false
offline_keylogger: true
password: 237566
persistence: false
Targets
- Darkcomet family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext