General
Target: e1432a7d5347ceb3c3349876e38a2955_JaffaCakes118
Size: 438KB
Sample: 241211-nkvwma1jcy
MD5: e1432a7d5347ceb3c3349876e38a2955
SHA1: 559bdb6ef9a712bf6580a90bdf4629698b77af4f
SHA256: b1c1fd131f896d582ee4a290b3be1cf7a8fd7447e5c38e4c1d7300acab80b8de
SHA512: 032c5b78b5bfbaa28491c4796855ef1e0e4423ff80514e49d884babdab0e13f9cd0471896c5532cdeb559a250d6712d79b5b5a76bbc798024705f124e0eeb3ab
SSDEEP: 12288:Oe2CB53mzfJXTZEBnMOaXjYBV5b5xRURq9/:OOqf8qrYBLdqqd
Static task: static1
Behavioral task: behavioral1
Sample: IMG_2003251447.exe
Resource: win7-20240708-en
Malware Config
Extracted
darkcomet
19.01 ASK
morans.no-ip.biz:1700
grrr.no-ip.biz:1700
grrr.no-ip.org:1700
grrr.no-ip.org:1604
DC_MUTEX-6TLN7NX
gencode: f6JygSQ6qexm
install: false
offline_keylogger: true
persistence: false
Targets
Target: IMG_2003251447.exe
Size: 558KB
MD5: fc96649f5eeeb19d55ae1e581786d349
SHA1: 3b6af40e040a4ed70a261df8d56c6787aab7bfeb
SHA256: 146ef2521c6e02b0396042699489cefa8d4d096e03ef9ce3366e3a08ea8f2ce9
SHA512: b03797c838d12e68a3705e5aeebbab6165dc14f6962ddace1a73f44c0ee2c3939733299f32fe174285f94a9829cbcb0a8b1eff1fd22d6142ad5238a0cde979d8
SSDEEP: 12288:dl7bmzxB1l9ExnMOaBXwHFT////////////////D5rOlZkg4Skk3kQwCJk/hN0:jqx4a/wl5qjkBCRJU
Darkcomet family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext