General
-
Target
d5b85283195556e522c8b5627369aba1_JaffaCakes118
-
Size
627KB
-
Sample
241208-hd24gawmdy
-
MD5
d5b85283195556e522c8b5627369aba1
-
SHA1
efbf8a337eb8acbcd2e844cc37a9792a36d55123
-
SHA256
e6af143bd96b2d461248f6a9116375f0179faff9c7a4b146dc2d34f41eda34e3
-
SHA512
e8ad79ab0593919fd6a7c592232496a0859ae29b61b1a7cfedd31fb334c3b557f6ab39b51110458df13b2f713f936f2e27564ff74888e793005c2b5cdfe6e6a6
-
SSDEEP
12288:YbRL99DE+UxcqH4siLPndzMo+RV7+d1mDT0t9P9KD8A/hJaF:qRRx7qHyvdzVM7W1BfP95C0
Static task
static1
Behavioral task
behavioral1
Sample
d5b85283195556e522c8b5627369aba1_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Slave
katygarismova123.no-ip.biz:200
DC_MUTEX-MBWJM88
-
gencode
JMUmoo8nTYeT
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d5b85283195556e522c8b5627369aba1_JaffaCakes118
-
Size
627KB
-
MD5
d5b85283195556e522c8b5627369aba1
-
SHA1
efbf8a337eb8acbcd2e844cc37a9792a36d55123
-
SHA256
e6af143bd96b2d461248f6a9116375f0179faff9c7a4b146dc2d34f41eda34e3
-
SHA512
e8ad79ab0593919fd6a7c592232496a0859ae29b61b1a7cfedd31fb334c3b557f6ab39b51110458df13b2f713f936f2e27564ff74888e793005c2b5cdfe6e6a6
-
SSDEEP
12288:YbRL99DE+UxcqH4siLPndzMo+RV7+d1mDT0t9P9KD8A/hJaF:qRRx7qHyvdzVM7W1BfP95C0
-
Darkcomet family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-