General
Target: ffc476cc5de1540f3e0d41d4b87b66c9_JaffaCakes118
Size: 769KB
Sample: 241219-tm8hdsvngv
MD5: ffc476cc5de1540f3e0d41d4b87b66c9
SHA1: fd8891cd1474bad8defe4f99386cb505b7f8b577
SHA256: cc0598c56a2723f4fb2d2d37fa29508fa7b14b28fa50e0eeac67b4102c9fd50d
SHA512: 0953fefc861cca9aa818079962990653815d93be50de058e50e1d5d668f2d3616679473aad677649401464882637b985d712ae5a8d3155f5993ed9cc93bc7f26
SSDEEP: 24576:LTvW/wxXSknYDkoR4HTaF1nP9tXGVnmpW:LTvW/wxTnYoTS1P6gpW
Static task: static1
Behavioral task: behavioral1
Sample: ffc476cc5de1540f3e0d41d4b87b66c9_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): XP
C2: fahimjan.no-ip.biz:1008
Mutex: DC_MUTEX-DSCVTSP
gencode: g901jEZ864Tb
install: false
offline_keylogger: true
persistence: false
Targets
Target: ffc476cc5de1540f3e0d41d4b87b66c9_JaffaCakes118
Signatures
- Darkcomet family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (note that the extracted config reports install=false and persistence=false, so the Run key observed in the behavioral run is worth confirming against the registry telemetry rather than the config alone).
- Suspicious use of SetThreadContext (on another process's thread this is the usual final step of process hollowing / RunPE injection).
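The extracted config and the behavioural signatures above are only useful once they are turned into something that can be run against host telemetry. The following is an added example, not part of the sandbox report or of any Tria.ge tooling: it takes the C2 host and port, the mutex and the observed behaviours (Run key write, cross-process SetThreadContext) as weighted indicators and scores each process seen in a log. The log format (one timestamped `key=value` event per line) and the sample lines are constructed for illustration; only the indicator values come from the report. Because the config says `persistence: false` while the behavioural run still reported a Run key, the Run-key check is kept as a low-weight indicator rather than being dropped. The `DC_MUTEX-<7 alphanumerics>` family pattern is an assumption about the builder's default mutex naming; operators can set a custom mutex, so it is weighted below the exact value.

```python
"""Score processes in host telemetry against the DarkComet indicators
from the report above. Added example; telemetry format and lines are
constructed, the indicator values are taken from the extracted config."""
import re
from collections import defaultdict

# Indicators from the "Malware Config" section of the report.
C2_HOST = "fahimjan.no-ip.biz"
C2_PORT = 1008
MUTEX = "DC_MUTEX-DSCVTSP"
# Assumed builder default: DC_MUTEX- followed by 7 alphanumerics. Lower
# confidence than the exact mutex because operators can pick their own.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# The exact mutex and the C2 hostname are near-certain; the rest are
# generic behaviours that benign software also exhibits, so they only
# add weight on top of a stronger hit.
WEIGHTS = {"mutex_exact": 10, "mutex_family": 6, "c2_dns": 8,
           "c2_port": 2, "run_key": 2, "set_thread_context": 3}
THRESHOLD = 8


def parse_event(line):
    """Parse 'TIMESTAMP k=v k=v ...' into a dict (values may be quoted)."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    event = {"ts": parts[0]}
    for m in re.finditer(r'(\w+)=("([^"]*)"|(\S+))', parts[1]):
        event[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return event


def indicators(event):
    """Return the indicator tags that one event matches."""
    tags = []
    kind = event.get("event")
    if kind == "mutex":
        name = event.get("name", "")
        if name == MUTEX:
            tags.append("mutex_exact")
        elif DC_MUTEX_RE.match(name):
            tags.append("mutex_family")
    elif kind == "dns" and event.get("query", "").lower() == C2_HOST:
        tags.append("c2_dns")
    elif kind == "netconn":
        if event.get("dst", "").rsplit(":", 1)[-1] == str(C2_PORT):
            tags.append("c2_port")
    elif kind == "registry" and event.get("op") == "set":
        if RUN_KEY_RE.search(event.get("key", "")):
            tags.append("run_key")
    elif kind == "api" and event.get("name") == "SetThreadContext":
        # Only cross-process use is interesting: that is the hollowing pattern.
        if event.get("target_pid") not in (None, event.get("pid")):
            tags.append("set_thread_context")
    return tags


def scan(telemetry):
    """Group matched tags by pid; each distinct tag counts once per pid."""
    hits = defaultdict(list)
    for line in telemetry.splitlines():
        event = parse_event(line)
        if not event or "pid" not in event:
            continue
        for tag in indicators(event):
            hits[int(event["pid"])].append(tag)
    return {pid: {"tags": tags, "score": sum(WEIGHTS[t] for t in set(tags))}
            for pid, tags in hits.items()}


def suspected_darkcomet(telemetry, threshold=THRESHOLD):
    """Pids whose combined indicator score reaches the threshold."""
    return sorted(pid for pid, r in scan(telemetry).items() if r["score"] >= threshold)


# Constructed telemetry: pid 1212 reproduces the report's behaviour,
# pid 900 is a benign process that only shares the destination port.
SAMPLE_TELEMETRY = """\
2024-12-19T15:03:10Z event=mutex name=DC_MUTEX-DSCVTSP pid=1212 image=C:\\Users\\user\\sample.exe
2024-12-19T15:03:11Z event=dns query=fahimjan.no-ip.biz pid=1212
2024-12-19T15:03:12Z event=netconn dst=203.0.113.7:1008 pid=1212
2024-12-19T15:03:13Z event=registry op=set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=sample pid=1212
2024-12-19T15:03:14Z event=api name=SetThreadContext pid=1212 target_pid=1300
2024-12-19T15:03:15Z event=netconn dst=198.51.100.9:1008 pid=900
2024-12-19T15:03:16Z event=api name=SetThreadContext pid=900 target_pid=900
2024-12-19T15:03:17Z event=dns query=www.example.com pid=900
"""

if __name__ == "__main__":
    for pid, r in scan(SAMPLE_TELEMETRY).items():
        print(pid, r["score"], sorted(set(r["tags"])))
    print("suspected DarkComet pids:", suspected_darkcomet(SAMPLE_TELEMETRY))
```

Run against the constructed lines, pid 1212 scores 25 (every indicator fires) and pid 900 scores 2 (port only, and its SetThreadContext call targets its own pid), so only 1212 crosses the threshold. In practice the `c2_port` and `run_key` weights should stay low: port 1008 and a Run key write are not specific to this family, and the point of the weighting is that they raise confidence only when the mutex or the no-ip hostname has already matched.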