General
- Target: d0e0f6380b41345ddd15c2eaa2e1d058_JaffaCakes118
- Size: 350KB
- Sample: 241207-f838xaykdz
- MD5: d0e0f6380b41345ddd15c2eaa2e1d058
- SHA1: 83c58927d06b1bb4b649797a369ed24ff422043a
- SHA256: d6bf9497d6ceec5a40a538c2470371343318a71aa490a48ea59abac338c92473
- SHA512: d945882062f607d3df1149a4f7d0d22115523ed9db06a057891dfa2a911c458e83ae9cade18f90227c7263596752ba1b2dd3635e300fa1cdc3e1a3475aa2376b
- SSDEEP: 6144:kD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZTlI2hgplSZJ:kl8E4w5huat7UovONzbXw3Nh/NVR
Behavioral task
- behavioral1
  - Sample: d0e0f6380b41345ddd15c2eaa2e1d058_JaffaCakes118.exe
  - Resource: win7-20240903-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: zarloc.weuns.fr:1604
- C2: zarloc.dyndns.org:1604
- Mutex: DC_MUTEX-F54S21D
- Attributes:
  - gencode: qzavXgkDi3Kh
  - install: false
  - offline_keylogger: true
  - password: jet'aieuconnard
  - persistence: false
Targets
- Target: d0e0f6380b41345ddd15c2eaa2e1d058_JaffaCakes118
- Size: 350KB
- MD5: d0e0f6380b41345ddd15c2eaa2e1d058
- SHA1: 83c58927d06b1bb4b649797a369ed24ff422043a
- SHA256: d6bf9497d6ceec5a40a538c2470371343318a71aa490a48ea59abac338c92473
- SHA512: d945882062f607d3df1149a4f7d0d22115523ed9db06a057891dfa2a911c458e83ae9cade18f90227c7263596752ba1b2dd3635e300fa1cdc3e1a3475aa2376b
- SSDEEP: 6144:kD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZTlI2hgplSZJ:kl8E4w5huat7UovONzbXw3Nh/NVR
- Darkcomet family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext