General
-
Target
e7c225008df3ce32c2100db88f750772_JaffaCakes118
-
Size
251KB
-
Sample
241212-xdg6mavpaj
-
MD5
e7c225008df3ce32c2100db88f750772
-
SHA1
479e07478d2f05f584765a78ad135e518dd76c44
-
SHA256
2a58986678032748ea8a1179faf8b925069de84ac92f7de852547515ed8f9122
-
SHA512
aa1683754279058cca005fa84ac534537696d8dbbdbb668c0713d458525ea87865b5476720bd151ea550213fea0150861a83986ef083b49292b021740371cda2
-
SSDEEP
6144:EYqt/vTpwbGgq7Sherr7nVHQr41qEk+i:HqtT2ag1errrV6CHk
Static task
static1
Behavioral task
behavioral1
Sample
e7c225008df3ce32c2100db88f750772_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
e7c225008df3ce32c2100db88f750772_JaffaCakes118
-
Size
251KB
-
MD5
e7c225008df3ce32c2100db88f750772
-
SHA1
479e07478d2f05f584765a78ad135e518dd76c44
-
SHA256
2a58986678032748ea8a1179faf8b925069de84ac92f7de852547515ed8f9122
-
SHA512
aa1683754279058cca005fa84ac534537696d8dbbdbb668c0713d458525ea87865b5476720bd151ea550213fea0150861a83986ef083b49292b021740371cda2
-
SSDEEP
6144:EYqt/vTpwbGgq7Sherr7nVHQr41qEk+i:HqtT2ag1errrV6CHk
-
Darkcomet family
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-