General
Target: d50fa5e455466529f262a46e8e63bf0c_JaffaCakes118
Size: 488KB
Sample: 241208-d69a2a1jcy
MD5: d50fa5e455466529f262a46e8e63bf0c
SHA1: 67504bf04196d84668e083509b10dea14dff425c
SHA256: 98b49dda6a6fcdfa0bfd1557bff2fce72107aa383a84498ec474cba7b3b1b97d
SHA512: dbc6f3c0e459e2f1a07dc1b3c353af1ccc559a85cb7da5fd49296674bcb392561c093fb40622d2eedeedc1f80fcf7e55ade82efd536cf408e39cb594ff8c081d
SSDEEP: 12288:oXLEMeIDb8lvvKb8LmPgNJo64LaWK4/RI93E9KWLHOIoS:MEMPDAvdLPNt4LVF/i93E9KiH

Behavioral task: behavioral1
Sample: d50fa5e455466529f262a46e8e63bf0c_JaffaCakes118.exe
Resource: win7-20241023-en

Malware Config
Targets
Target: d50fa5e455466529f262a46e8e63bf0c_JaffaCakes118 (488KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General above)
Signatures
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext