General
-
Target
d3d9946a31788e942a5be610403c438b_JaffaCakes118
-
Size
909KB
-
Sample
241207-13jmja1rhn
-
MD5
d3d9946a31788e942a5be610403c438b
-
SHA1
2522f9e1026bfbb484dc49195bb748bc1fa18697
-
SHA256
0f064e59e76ae6dbf98f7638c9081949de309e94a3003efd60ee5f4100394b42
-
SHA512
dcb5471edf7d146dd95b47c07d72ceb91da044ba005e9c7380ce601c7ee3bc8202664c1e2884e5ddafce182d43880ac4423cc093803991a4ec77ddc4e9a9ac29
-
SSDEEP
24576:k4XNr/j01fyF7bjVEBRHTnJyvSRzmNX6MPDmPQe:kmjKfEfjqpzz26aj
Static task
static1
Behavioral task
behavioral1
Sample
d3d9946a31788e942a5be610403c438b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d3d9946a31788e942a5be610403c438b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d3d9946a31788e942a5be610403c438b_JaffaCakes118
-
Size
909KB
-
MD5
d3d9946a31788e942a5be610403c438b
-
SHA1
2522f9e1026bfbb484dc49195bb748bc1fa18697
-
SHA256
0f064e59e76ae6dbf98f7638c9081949de309e94a3003efd60ee5f4100394b42
-
SHA512
dcb5471edf7d146dd95b47c07d72ceb91da044ba005e9c7380ce601c7ee3bc8202664c1e2884e5ddafce182d43880ac4423cc093803991a4ec77ddc4e9a9ac29
-
SSDEEP
24576:k4XNr/j01fyF7bjVEBRHTnJyvSRzmNX6MPDmPQe:kmjKfEfjqpzz26aj
Score10/10-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-