General
Target: dce157453841e8911fdfb1e23a8951d0_JaffaCakes118
Size: 956KB
Sample: 241210-edmf8ssras
MD5: dce157453841e8911fdfb1e23a8951d0
SHA1: 7b65ca86d25380b71d293d2463083316b5bf9ebb
SHA256: 7eb30df478a285e7aa0f8d20c8b3c7bf55eddc77931ca67342c0dcb94f197960
SHA512: bdd3d089dc4c825972901c3ddf538137193f5141204399ace8fef8a5f90b2db2270df2053af1f71715e590b4430ef5d19f36836feebb6541f59a710876f2ef3a
SSDEEP: 24576:4bCLTqKcYRn0uYpOyb6dxiqDU9d1GN2MppjF:UGeb+nHbiqGd1K5
Static task: static1
Behavioral task: behavioral1
Sample: dce157453841e8911fdfb1e23a8951d0_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: darkcomet
Botnet: Ligo
C2: ratttyyy.mooo.com:1604
Mutex: DCMIN_MUTEX-NAA2DFN
gencode: MHwSurYxMlva
install: false
offline_keylogger: true
persistence: false
Targets
Target: dce157453841e8911fdfb1e23a8951d0_JaffaCakes118
Size: 956KB
MD5: dce157453841e8911fdfb1e23a8951d0
SHA1: 7b65ca86d25380b71d293d2463083316b5bf9ebb
SHA256: 7eb30df478a285e7aa0f8d20c8b3c7bf55eddc77931ca67342c0dcb94f197960
SHA512: bdd3d089dc4c825972901c3ddf538137193f5141204399ace8fef8a5f90b2db2270df2053af1f71715e590b4430ef5d19f36836feebb6541f59a710876f2ef3a
SSDEEP: 24576:4bCLTqKcYRn0uYpOyb6dxiqDU9d1GN2MppjF:UGeb+nHbiqGd1K5
Signatures
- Darkcomet family
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext