General
Target: d92480381bafbfeb9fe83b94f915506c_JaffaCakes118
Size: 1.8MB
Sample: 241209-mey6esvjew
MD5: d92480381bafbfeb9fe83b94f915506c
SHA1: 4f98aa50c7c1005749a2eda6ae7a6b2bfb351198
SHA256: 1a38a3fec5f35becb529fdc8da7a9687fb2659ec06e283e74f162fbb3a38ce9f
SHA512: 52e7b8e8d62e72d982d9140fe206750b4eebbba4e7c665df7bc8dd8d3512d2c19174ba204f9d548201cdcc93729a0b445945dc0fb42c658a4ba920774662e742
SSDEEP: 24576:8DVSn+sFv83ik+03FnEFaR4b9GBuAvmMgPKZ36E+paPPCJQqFK7d3Xtaxt5TYwiX:a8p27VEcWoz7gPKwEogPCJBFeXtqtbQ
Static task: static1
Behavioral task: behavioral1
Sample: d92480381bafbfeb9fe83b94f915506c_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16
C2: amis59.zapto.org:100
C2: 192.168.1.1:100
Mutex: DC_MUTEX-SYE9RFY
gencode: 04SbL8lsv4kf
install: false
offline_keylogger: true
persistence: false
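The extracted config above needs a little normalisation before it is useful as IOCs: the second C2 entry, 192.168.1.1, is an RFC 1918 address (a typical leftover from the operator testing the builder on their own LAN) and should not go on a blocklist, and install=false / persistence=false mean this build does not set itself up to survive a reboot. The following is an added example, not code from the sandbox or the report; the field names (campaign_id, c2, mutex, etc.) are this example's own labels for the lines shown above.

```python
import ipaddress
from dataclasses import dataclass

# Constructed from the report's "Malware Config / Extracted" block above.
# The key names are this example's labels for those lines, not the sandbox's.
EXTRACTED_CONFIG = {
    "family": "darkcomet",
    "campaign_id": "Guest16",   # assumed: the DarkComet campaign ID field
    "c2": ["amis59.zapto.org:100", "192.168.1.1:100"],
    "mutex": "DC_MUTEX-SYE9RFY",
    "gencode": "04SbL8lsv4kf",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}


@dataclass
class Endpoint:
    host: str
    port: int
    kind: str          # "ip" or "hostname"
    actionable: bool   # False for loopback / RFC 1918 / link-local addresses
    reason: str = ""


def parse_endpoint(entry: str) -> Endpoint:
    """Split 'host:port' and decide whether it is worth blocking or hunting for."""
    host, sep, port_s = entry.rpartition(":")
    if not sep or not (port_s.isascii() and port_s.isdigit()) or not 0 < int(port_s) < 65536:
        raise ValueError(f"malformed C2 entry: {entry!r}")
    port = int(port_s)
    host = host.strip("[]")  # tolerate bracketed IPv6 literals
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: a hostname (dynamic-DNS names like *.zapto.org are common here)
        return Endpoint(host, port, "hostname", True)
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return Endpoint(host, port, "ip", False,
                        "non-routable address, typically left over from the operator's LAN test")
    return Endpoint(host, port, "ip", True)


def build_iocs(cfg: dict) -> dict:
    """Turn the raw config into what a blocklist or hunt query actually needs."""
    endpoints = [parse_endpoint(e) for e in cfg["c2"]]
    return {
        "family": cfg["family"],
        "network": [f"{e.host}:{e.port}" for e in endpoints if e.actionable],
        "ignored": {f"{e.host}:{e.port}": e.reason for e in endpoints if not e.actionable},
        "mutex": cfg["mutex"],
        # install=false and persistence=false: this build was configured without
        # self-installation or startup persistence, so it does not survive a reboot
        # unless something else re-launches it.
        "survives_reboot": bool(cfg["install"] or cfg["persistence"]),
    }


if __name__ == "__main__":
    for key, value in build_iocs(EXTRACTED_CONFIG).items():
        print(f"{key}: {value}")
```

For this sample the only network indicator worth acting on is amis59.zapto.org on TCP port 100; the mutex name is the more reliable host-side artefact, since dynamic-DNS names are cheap to rotate.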
Targets
Target: d92480381bafbfeb9fe83b94f915506c_JaffaCakes118
Size: 1.8MB
MD5: d92480381bafbfeb9fe83b94f915506c
SHA1: 4f98aa50c7c1005749a2eda6ae7a6b2bfb351198
SHA256: 1a38a3fec5f35becb529fdc8da7a9687fb2659ec06e283e74f162fbb3a38ce9f
SHA512: 52e7b8e8d62e72d982d9140fe206750b4eebbba4e7c665df7bc8dd8d3512d2c19174ba204f9d548201cdcc93729a0b445945dc0fb42c658a4ba920774662e742
SSDEEP: 24576:8DVSn+sFv83ik+03FnEFaR4b9GBuAvmMgPKZ36E+paPPCJQqFK7d3Xtaxt5TYwiX:a8p27VEcWoz7gPKwEogPCJBFeXtqtbQ
- Darkcomet family
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
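The behaviours above map to a handful of concrete registry and object operations: the RegEdit and Task Manager locks are DisableRegistryTools=1 and DisableTaskMgr=1 under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, the location check is a read of HKCU\Control Panel\International\Geo\Nation, and the DarkComet mutex follows the DC_MUTEX- naming shown in the config. The following is an added example of turning those into scored detection logic; it is not the sandbox's signature engine. The event lines are constructed for this example in an assumed pipe-separated layout, and the weights are this example's own choice, set so that a lone Geo\Nation read (explorer.exe does that too) never flags a process by itself.

```python
import re
from collections import defaultdict

# Constructed sample events, "process|op|path|value_name|data" (this example's own
# layout, not the sandbox's). The paths are the real registry locations the listed
# behaviours touch; explorer.exe is included as a benign control.
SAMPLE_EVENTS = """\
d92480381bafbfeb9fe83b94f915506c_JaffaCakes118.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|DisableRegistryTools|1
d92480381bafbfeb9fe83b94f915506c_JaffaCakes118.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|DisableTaskMgr|1
d92480381bafbfeb9fe83b94f915506c_JaffaCakes118.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo|Nation|
d92480381bafbfeb9fe83b94f915506c_JaffaCakes118.exe|CreateMutex|DC_MUTEX-SYE9RFY||
explorer.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo|Nation|
explorer.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Hidden|1
"""

# Registry paths are case-insensitive on Windows, so compare lower-cased.
POLICIES_SYSTEM = r"hkcu\software\microsoft\windows\currentversion\policies\system"
GEO_KEY = r"hkcu\control panel\international\geo"
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")   # DarkComet's default mutex naming


def _sets_policy(ev: dict, value_name: str) -> bool:
    return (ev["op"] == "RegSetValue" and ev["path"].lower() == POLICIES_SYSTEM
            and ev["name"] == value_name and ev["data"] == "1")


# (signature, weight, matcher). Weights are this example's scoring, not the sandbox's.
RULES = [
    ("Disables RegEdit via registry modification", 3,
     lambda ev: _sets_policy(ev, "DisableRegistryTools")),
    ("Disables Task Manager via registry modification", 3,
     lambda ev: _sets_policy(ev, "DisableTaskMgr")),
    ("Checks computer location settings", 1,
     lambda ev: ev["op"] == "RegQueryValue" and ev["path"].lower() == GEO_KEY
                and ev["name"] == "Nation"),
    ("Darkcomet family", 5,
     lambda ev: ev["op"] == "CreateMutex" and bool(DC_MUTEX_RE.match(ev["path"]))),
]


def parse_event(line: str) -> dict:
    process, op, path, name, data = line.split("|", 4)
    return {"process": process, "op": op, "path": path, "name": name, "data": data}


def score_events(text: str) -> dict:
    """Aggregate rule hits per process; each signature counts once per process."""
    results = defaultdict(lambda: {"hits": [], "score": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for signature, weight, matches in RULES:
            if matches(ev):
                entry = results[ev["process"]]
                if signature not in entry["hits"]:
                    entry["hits"].append(signature)
                    entry["score"] += weight
    return dict(results)


def flagged(text: str, threshold: int = 5) -> list:
    """Processes whose accumulated score reaches the threshold."""
    return sorted(p for p, r in score_events(text).items() if r["score"] >= threshold)


if __name__ == "__main__":
    for process, result in score_events(SAMPLE_EVENTS).items():
        print(process, result["score"], result["hits"])
    print("flagged:", flagged(SAMPLE_EVENTS))
```

On a live Windows host the same two policy values can be checked directly with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr` (and /v DisableRegistryTools); a value of 1 that no administrator set is a strong sign the user has been locked out by malware rather than by policy. Note that the SetThreadContext and dropped-EXE behaviours in the list are process and file events rather than registry writes, so they would need their own event sources and are not covered by this scorer.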