General
-
Target
d97c83769db2a543d904501f22056290_JaffaCakes118
-
Size
515KB
-
Sample
241209-n2hyds1mcn
-
MD5
d97c83769db2a543d904501f22056290
-
SHA1
95d0d0521f7a88e9b8dc08907509799c128e77c1
-
SHA256
3e5d82b39b9212613383ae6c94094051ecfbeddbeafbf1d3a63ed23328cc6ee1
-
SHA512
270caba631ff8d054515f89a96bea3cce9abe9b3221f88388fb25bb1c5aa7bb9fb6d74cd83c2b10c0dffb29ae3bd4aeb662313c92cb6e458bc5c2d59f72298e8
-
SSDEEP
6144:M8HE5leAjqA7e7lMXh2PVtS2+SN0X5Wx8lzR0PqXcl51q45dMG4XbMg65AGdU:M8HUeAjqRGh2PLB0X5WgtRX01qzDrMBQ
Static task
static1
Behavioral task
behavioral1
Sample
d97c83769db2a543d904501f22056290_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d97c83769db2a543d904501f22056290_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
darkcomet
26.05
grrr.no-ip.org:1604
morans.no-ip.biz:1604
DC_MUTEX-P3CD4XX
-
gencode
D6xGbXCz58rr
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d97c83769db2a543d904501f22056290_JaffaCakes118
-
Darkcomet family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-