General
Target: e4effdae64132f9f253179edb746ad39_JaffaCakes118
Size: 759KB
Sample: 241212-gbxkjaslht
MD5: e4effdae64132f9f253179edb746ad39
SHA1: 830f1267ace003b18c3f92316d4051eab618cb65
SHA256: 441e0e8d70c611cb217d66ed4371ecf431620338441547d173547f8a897260df
SHA512: 522214a265a30fc8ee5632178829380f672433e481441fd617980d7ab36aa5b61f17058ed715399a182f9134e081b134d01872461e49c48664d114330adc09a4
SSDEEP: 12288:L46hnWJ6jINMlXVe+LEE1oJDu0sHY1b98Wl8E4w5huat7UovONzbXwnjoEFEG:LPeMGwsJ60IY3dhHwNzbXq/j
Static task: static1
Behavioral task: behavioral1
Sample: e4effdae64132f9f253179edb746ad39_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
192.168.0.100:1604
99.241.109.24:1604
joinme.no-ip.biz:1604
DC_MUTEX-10AJJXB
-
gencode: KFKw3CPq7lsj
install: false
offline_keylogger: true
persistence: false
Targets
Darkcomet family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL