General
-
Target
e61c5bc99fd2b158ac4ea799ea64568a_JaffaCakes118
-
Size
1.1MB
-
Sample
241212-nbhvpstrcr
-
MD5
e61c5bc99fd2b158ac4ea799ea64568a
-
SHA1
a5a97266dd2b5f1d2f3328c04efbc1b4e6fec0f1
-
SHA256
03118049958123e881a7e4731221e0690bdd49e1a624f4a989683c7ab363be80
-
SHA512
73f021eebcd0a1195b06bf360fdb6b62815cecabc750a80dc5b3c0a3133bd944e8dfab9a45eec89633ba25fa6415e00b61db2012eaf1a0e3549a534e54e238cb
-
SSDEEP
24576:kYi0aeKVUQBoGotjrJX9cpTDCdr/lR2C29slZFwvt2ST3VnNnvIWUE:kYiLeK7VotjrJX9c1Ct/P2CksDFwvt2o
Behavioral task
behavioral1
Sample
e61c5bc99fd2b158ac4ea799ea64568a_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
darkcomet
Absolute3
emile2012.no-ip.info:1337
DCMIN_MUTEX-ZZUD73J
-
gencode
tz3FGhkXWDV3
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
e61c5bc99fd2b158ac4ea799ea64568a_JaffaCakes118
-
Darkcomet family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-