General
Target: d66d38155e7363c223960fa18196ef86_JaffaCakes118
Size: 810KB
Sample: 241208-lsv59avmbp
MD5: d66d38155e7363c223960fa18196ef86
SHA1: 2161f98fe38ac11a22793c25a718b58b00647df4
SHA256: 9607e53698b7ba7559f0cac0b2cedcac9b2ea0b261cc3b2f74c8ded7f7a1783f
SHA512: 4baf01736c986bfa062302a50cebeab1ecdbb5a851b72a35ca96a6223832aa185bea3f356ed81a98ff8823f9ed9b688714dbbd2631cd180e8604623050bf9ccc
SSDEEP: 24576:pvvxxNz60N65kQCA+eDxIoZfF1eAOOjfMnjY:bO0NDQAMF1eqMc
Static task: static1
Behavioral task: behavioral1
Sample: d66d38155e7363c223960fa18196ef86_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
Scr1pt
scr1pt.no-ip.biz:1604
DC_MUTEX-6RTHDXW
gencode: 03zeuEH2t2Sl
install: false
offline_keylogger: true
password: 12345
persistence: false
Targets
-
-
Target
d66d38155e7363c223960fa18196ef86_JaffaCakes118
-
Darkcomet family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-