General
Target: e81433472610bfe2bc3e320fad7d8d8e_JaffaCakes118
Size: 1.2MB
Sample: 241212-yytktsxrgq
MD5: e81433472610bfe2bc3e320fad7d8d8e
SHA1: 0241912ba1137572d87d9f3a46ee82ab5774bed6
SHA256: 00675c83d0755b1a4d28954d4426e5155127956f364e26676795e7109c27fdb8
SHA512: 17a584b687be02c6cd35b9846b28bad01c5e8f0769aa1b51c76595d9cea90c03e182d597c8355d35b05980904cb1eb52202e12c8053defc56461f7b8041b0a15
SSDEEP: 24576:v2O/GlZSB1ytVKPLtsq9w6GGLiqGpY4MSZyN301n7g6zwm4m53Sb2T:lCnKh7zF7GpYdSZyl45kFm53SyT
Static task: static1
Behavioral task: behavioral1
  Sample: e81433472610bfe2bc3e320fad7d8d8e_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e81433472610bfe2bc3e320fad7d8d8e_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: darkcomet
  ALL-BROWSER
  root.socialmediaservices.co:1299
  DC_MUTEX-E0HY7V3
  gencode: zSHmPMnVaR8K
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: e81433472610bfe2bc3e320fad7d8d8e_JaffaCakes118
Size: 1.2MB
MD5: e81433472610bfe2bc3e320fad7d8d8e
SHA1: 0241912ba1137572d87d9f3a46ee82ab5774bed6
SHA256: 00675c83d0755b1a4d28954d4426e5155127956f364e26676795e7109c27fdb8
SHA512: 17a584b687be02c6cd35b9846b28bad01c5e8f0769aa1b51c76595d9cea90c03e182d597c8355d35b05980904cb1eb52202e12c8053defc56461f7b8041b0a15
SSDEEP: 24576:v2O/GlZSB1ytVKPLtsq9w6GGLiqGpY4MSZyN301n7g6zwm4m53Sb2T:lCnKh7zF7GpYdSZyl45kFm53SyT
Signatures:
  Darkcomet family
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Suspicious use of SetThreadContext