General
- Target: JaffaCakes118_19b03adb5e0305178b7745ecf8a7eb10
- Size: 1.1MB
- Sample: 250222-psgjmswmaw
- MD5: 19b03adb5e0305178b7745ecf8a7eb10
- SHA1: adaf0ce5cf66ac7823c9035d15832699b07edfcf
- SHA256: 03b9416c2165a5905aca9162b23f7dde33fa9bd783415a21d2d188bc668a0f91
- SHA512: 2a3f6b7acdc61418bd82bf4f833c8e08b57ba365df2299fc888e0e54fc16da4bc2fb70e58a3ce45bd44b1205b890a3551b8eb8c31bafd138cf743fbd4f3b90b5
- SSDEEP: 24576:6L2RnXQrVLoL74t86NR1amWvwo6JF4esx+O:rn374t864Z6JF4ec
Behavioral task: behavioral1
- Sample: JaffaCakes118_19b03adb5e0305178b7745ecf8a7eb10.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_19b03adb5e0305178b7745ecf8a7eb10.exe
- Resource: win10v2004-20250217-en
Malware Config
Extracted
- Family: darkcomet
- Campaign ID: Guest16
- C2: 127.0.0.1:1604
- C2: 192.168.1.4:1604
- C2: chavo2.zapto.org:1604
- Mutex: DC_MUTEX-F54S21D
- gencode: 9JqNl�rGboGy
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: JaffaCakes118_19b03adb5e0305178b7745ecf8a7eb10 (size and hashes as listed under General above)
- Darkcomet family
- Drops file in Drivers directory
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext