General
-
Target
f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118
-
Size
1.3MB
-
Sample
241216-egzkzasqet
-
MD5
f72d3d018965b4f90ad28ce4c8ce2957
-
SHA1
f80a5bec126723478d970dd0f0d931d6b88e9f0a
-
SHA256
2872c21999a0e51ea81c5bed9da9498e1d88aa6b892430d6fd0138ee616c4861
-
SHA512
c7dde6cb04d5c674bc36534119e4d943a61cf318ca4284fa1d02438b0186bf3568a3b21f1215037d03bd70c94d7fe97c90457b19b5519d346fb5e66f943608b2
-
SSDEEP
24576:iRmYkcoQricOIrxiZY1iaCvH57wKaHnCMjORymu7Xmg7FT2bk:3YZoQrbT8ZY1iaC/516zt2g7Fao
Static task
static1
Behavioral task
behavioral1
Sample
f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
Family
darkcomet
-
Botnet (DarkComet SID / campaign ID)
Guest2013
-
C2 (host:port; 1604 is the DarkComet default listener port)
shades.no-ip.org:1604
-
Mutex
DCMIN_MUTEX-MDWE7NC
-
gencode
46vVi771eZVT
-
install
false
-
offline_keylogger
true
-
persistence
false
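The config block above is what a DarkComet 5.x extractor recovers from the binary. The following is an added example, not the sandbox's own extractor and not DarkComet code: it decrypts an RC4-protected config blob by trying the known version keys, parses the KEY={value} lines, and maps them onto the field names used in this report. Assumptions not taken from the page: the config sits in a PE resource (DCDATA) as hex-encoded RC4 output, the default keys listed in KNOWN_KEYS (with any builder password appended), and the raw field names SID, NETDATA, MUTEX, GENCODE, INSTALL, PERS and OFFLINEK. The encrypted blob is constructed inline from the values the report lists so the script runs offline.

```python
"""Recover a DarkComet 5.x configuration from its RC4-encrypted resource blob.

Added example (not the sandbox's extractor and not DarkComet code). Assumptions,
based on the known DarkComet 5.x builder format rather than on this report:
the config lives in a PE resource (DCDATA), hex-encoded after RC4 with a
version-specific key, and uses KEY={value} lines. The encrypted blob below is
constructed inline from the values in the report so the script runs offline.
"""
import re

# Default RC4 keys by DarkComet version (assumption); a builder password, if
# one was set, is appended to the key.
KNOWN_KEYS = [
    b"#KCMDDC51#-890",   # 5.1 / 5.3
    b"#KCMDDC5#-890",    # 5.0
    b"#KCMDDC42F#-890",  # 4.2F
    b"#KCMDDC4#-890",    # 4.x
    b"#KCMDDC2#-890",    # 2.x / 3.x
]
MARKER = b"#BEGIN DARKCOMET DATA"


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: KSA then PRGA; the same function encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_resource(hex_blob: str, password: str = "") -> bytes:
    """Try each known version key (plus optional builder password) and keep
    the decryption whose plaintext starts with the DarkComet marker."""
    raw = bytes.fromhex(hex_blob)
    for key in KNOWN_KEYS:
        plain = rc4(key + password.encode(), raw)
        if plain.startswith(MARKER):
            return plain
    raise ValueError("no known DarkComet key produced the config marker")


def parse_config(plain: bytes) -> dict:
    """Turn 'KEY={value}' lines into a dict; the #BEGIN/#EOF marker lines are skipped."""
    cfg = {}
    for m in re.finditer(rb"^([A-Z0-9]+)=\{(.*?)\}\r?$", plain, re.M):
        cfg[m.group(1).decode()] = m.group(2).decode("latin-1")
    return cfg


def to_report(cfg: dict) -> dict:
    """Map raw DarkComet keys (assumed names) onto the fields used in the report."""
    host, _, port = cfg.get("NETDATA", "").rpartition(":")
    return {
        "botnet": cfg.get("SID"),
        "c2_host": host,
        "c2_port": int(port) if port.isdigit() else None,
        "mutex": cfg.get("MUTEX"),
        "gencode": cfg.get("GENCODE"),
        "install": cfg.get("INSTALL") == "1",
        "persistence": cfg.get("PERS") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
    }


# Constructed test vector: the report's values laid out as DarkComet writes
# them, RC4'd with the 5.1 key and hex-encoded the way the resource is stored.
_PLAINTEXT = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DCMIN_MUTEX-MDWE7NC}\r\n"
    b"SID={Guest2013}\r\n"
    b"NETDATA={shades.no-ip.org:1604}\r\n"
    b"GENCODE={46vVi771eZVT}\r\n"
    b"INSTALL={0}\r\n"
    b"PERS={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_RESOURCE_HEX = rc4(b"#KCMDDC51#-890", _PLAINTEXT).hex().upper()


def extract(hex_blob: str = SAMPLE_RESOURCE_HEX, password: str = "") -> dict:
    """Full pipeline: hex resource -> RC4 plaintext -> raw keys -> report fields."""
    return to_report(parse_config(decrypt_resource(hex_blob, password)))


if __name__ == "__main__":
    for k, v in extract().items():
        print(f"{k:18} {v}")
```

On a real sample, replace SAMPLE_RESOURCE_HEX with the contents of the DCDATA resource (for example via pefile) and pass the builder password if the marker check fails for every default key.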
Targets
-
Target
f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118
-
Darkcomet family
-
Adds Run key to start application
Note that the extracted config reports install=false and persistence=false, so confirm the Run key value name and target path in the sandbox's registry events rather than inferring persistence from the config alone.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process, typically a child created suspended, is the final step of process hollowing; check which process was created suspended and whether its image was unmapped and rewritten before the context was set.
-
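The behaviours and C2 above translate directly into host hunting logic. The following is an added example, not part of the sandbox report, that matches the sample's DNS lookup, C2 connection and Run key write against Sysmon-style events (IDs 22, 3 and 13). The events are constructed inline in the shape of Sysmon EventData and are not real telemetry; the victim path, SID and IP addresses are placeholders. Port-only matches on 1604 are reported separately as a weak indicator, because that port is DarkComet's default but not unique to it.

```python
"""Match this sample's network and persistence indicators against Sysmon events.

Added example; not part of the sandbox report. The C2 host, port and Run-key
behaviour come from the report; the events below are constructed in the shape
of Sysmon EventData (IDs 3, 13, 22) and are not real telemetry. The victim
directory, user SID and IP addresses are placeholders.
"""
import re

C2_HOST = "shades.no-ip.org"
C2_PORT = 1604  # DarkComet's default listener port
SAMPLE_IMAGE = "f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118.exe"
SAMPLE_PATH = r"C:\Users\victim\Downloads" + "\\" + SAMPLE_IMAGE  # placeholder path
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed Sysmon-style events (not real logs). Keys mirror Sysmon EventData.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": SAMPLE_PATH,
     "QueryName": "shades.no-ip.org", "QueryResults": "203.0.113.10;"},
    {"EventID": 3, "Image": SAMPLE_PATH,
     "DestinationIp": "203.0.113.10", "DestinationPort": 1604,
     "DestinationHostname": "shades.no-ip.org"},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": SAMPLE_PATH},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443,
     "DestinationHostname": "www.example.com"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKCU\Software\Example\Settings\Theme", "Details": "dark"},
]


def classify(event: dict) -> list:
    """Return the indicator names an event trips (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if eid == 22 and event.get("QueryName", "").lower() == C2_HOST:
        hits.append("c2_dns_lookup")
    if eid == 3:
        if event.get("DestinationHostname", "").lower() == C2_HOST:
            hits.append("c2_connection")
        elif event.get("DestinationPort") == C2_PORT:
            # Port alone is weak evidence: 1604 is DarkComet's default, not unique to it.
            hits.append("darkcomet_default_port")
    if eid == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        hits.append("run_key_write")
        # Strong when the value written points back at the sample itself.
        if SAMPLE_IMAGE.lower() in event.get("Details", "").lower():
            hits.append("run_key_points_at_sample")
    return hits


def hunt(events: list) -> dict:
    """Aggregate hits per indicator: {indicator: [event indexes]}."""
    found = {}
    for idx, ev in enumerate(events):
        for name in classify(ev):
            found.setdefault(name, []).append(idx)
    return found


if __name__ == "__main__":
    for name, idxs in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{name:28} events {idxs}")
```

Feed real Sysmon events (parsed from EVTX or a SIEM export into dicts with the same field names) to hunt(); a host that trips c2_dns_lookup or run_key_points_at_sample warrants triage, while darkcomet_default_port on its own is only a lead.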