General
Target: de4827e4879fc14a65133478895bf742_JaffaCakes118
Size: 766KB
Sample: 241210-x2bzhsznhn
MD5: de4827e4879fc14a65133478895bf742
SHA1: 38ca0f794976147b3cb56e5bddebe292ce3b11c9
SHA256: 125aa1a042a5b5fd47979b612930348bfd2bc03cc8a7198535a576439a78a0c2
SHA512: 4bca18d80bcf8b8c946d3d8878b3e3a1c2725c20c41d51b38c138255810eaa329b2968c561cc3efca0a0dc063a646c53ab4b580f27c2d8b50320bb44e4abf90e
SSDEEP: 12288:/Muo3R2vENhB8JnOA2IVyhXF132N1eNSVUt29MW2SdKO8VdsJkl7+G07FKH83bqM:/lo3R2vcB8JOAg1gNAgOI912SgZVdsJB

Static task: static1
Behavioral task: behavioral1
Sample: de4827e4879fc14a65133478895bf742_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: de4827e4879fc14a65133478895bf742_JaffaCakes118 (size and hashes as listed under General)
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxed or virtualised environments.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext: rewriting another thread's context is a common step in process hollowing and code injection.
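As an added example (not the sandbox's own signature logic, which the report does not show), the following Python script reproduces four of the signatures above on constructed input: a static check for the marker string that compiled AutoIt scripts carry, and a classifier that maps registry-access events to the BIOS, location and Run-key signatures, plus the vendor-string test a sample typically applies to the BIOS values it reads. The registry paths, the AutoIt marker, the VM vendor list and the event-record shape are assumptions chosen for the example; the PE stubs and registry events are constructed, not taken from this sample.

```python
"""Triage helpers that reproduce four of the report's signatures on constructed input.

Added example, not the sandbox's own rule set. Assumptions (mine, not from the page):
the AutoIt marker string, the registry paths chosen per signature, the VM vendor hints
and the shape of the registry-event records.
"""
from typing import Iterable

# Marker found in AutoIt3-compiled executables (the string YARA rules usually key on).
AUTOIT_MARKER = b"AU3!EA06"

# Registry paths assumed to drive the listed signatures, in normalised short-hive form.
BIOS_KEY = r"hklm\hardware\description\system\bios"
GEO_KEY = r"hkcu\control panel\international\geo"   # value "Nation" holds the GeoID
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)
# Substrings a sample typically looks for in the BIOS values it reads (assumed list).
VM_VENDOR_HINTS = ("vmware", "virtualbox", "innotek", "qemu", "xen", "bochs", "parallels")

HIVE_ALIASES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_users": "hku",
    "hkey_classes_root": "hkcr",
}


def is_autoit_compiled(pe_bytes: bytes) -> bool:
    """Static check behind 'AutoIT Executable': the compiled-script marker is present."""
    return AUTOIT_MARKER in pe_bytes


def normalise_key(path: str) -> str:
    """Lower-case the path, drop WOW6432Node and map long hive names to short ones."""
    key = path.strip("\\").lower().replace("\\wow6432node", "")
    hive, sep, rest = key.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


def bios_suggests_vm(bios_values: dict) -> bool:
    """What the sample is after when it reads the BIOS key: a hypervisor vendor string."""
    blob = " ".join(str(v) for v in bios_values.values()).lower()
    return any(hint in blob for hint in VM_VENDOR_HINTS)


def match_signatures(events: Iterable[dict]) -> set:
    """Map registry events {op, key, value} to the signature names used in the report."""
    hits = set()
    for ev in events:
        op = ev["op"].lower()
        key = normalise_key(ev["key"])
        value = ev.get("value", "").lower()
        if op.startswith("regquery") and key.startswith(BIOS_KEY):
            hits.add("Checks BIOS information in registry")
        if op.startswith("regquery") and key.startswith(GEO_KEY) and value == "nation":
            hits.add("Checks computer location settings")
        if op.startswith("regset") and key in RUN_KEYS:
            hits.add("Adds Run key to start application")
    return hits


# Constructed inputs (not taken from the sample): a fake PE stub with the marker, one without,
# and a handful of registry events of the kind a behavioural trace records.
AUTOIT_STUB = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 32 + AUTOIT_MARKER + b"\x00" * 16
PLAIN_STUB = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 56
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS", "value": "SystemManufacturer"},
    {"op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"op": "RegQueryValue", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
]

if __name__ == "__main__":
    print("AutoIt marker in stub:", is_autoit_compiled(AUTOIT_STUB))
    print("Signatures:", sorted(match_signatures(SAMPLE_EVENTS)))
    print("BIOS looks virtual:", bios_suggests_vm({"SystemManufacturer": "innotek GmbH"}))
```

Run it directly to see the matches; in practice the registry rows would come from the sandbox's behavioural trace. The BIOS and Geo reads are weak indicators on their own (legitimate installers read them too), so weigh them together with the dropped-EXE, Run-key and SetThreadContext findings rather than in isolation.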