General
-
Target
JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8
-
Size
670KB
-
Sample
250222-yxnyysxpfn
-
MD5
1bf9a9492b9ac58b5d373a50d7246dc8
-
SHA1
5243ff1715dc606f930523ebee4495fc0e1dc5db
-
SHA256
6971dddc3354f715fc61c7e7d326283d706134f4329b01baa3310f27ac38d81b
-
SHA512
1f71371c4bd2be2ed344d2ccf77af267c12691592ba3efc75ef44e2b9b59398ff39848f877b546ab7ffdb3776a6937c4972eca1c245687db2d11d687afc7b719
-
SSDEEP
12288:O+z5fbEsE580WSBduc3AcVetVA3Mo8OY+ezt9CHFt9c:XN+qvCMc3LYt0COot9Cj9c
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
family
darkcomet
-
botnet
Guest16
-
c2
aylin.sytes.net:1604
-
mutex
DC_MUTEX-31JYQDU
-
gencode
1VH7mslA0=Pm
-
install
false
-
offline_keylogger
false
-
persistence
false
Extracted
family
darkcomet
-
gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
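The extracted configuration gives three things worth hunting for on a host or in network telemetry: the C2 hostname, the C2 port, and the process mutex. The script below is an added example, not part of the sandbox report; it copies the indicators from the configuration above and runs them over constructed log lines (labelled as such in the code, not output of the sandbox run). It pivots from the DNS answer for the C2 name to the connection log so that port 1604 is only matched against the address the name actually resolved to, which avoids the false positives a port-only rule would produce. It also generalises the mutex check to the DC_MUTEX- prefix on the assumption that other builds of the same family keep that prefix with a different suffix; that prefix match is a weaker signal than the exact name and is reported separately.

```python
"""Hunt for the indicators in the extracted DarkComet config.

Added example: indicators are copied from the extracted configuration in
the report; DNS_LOG, CONN_LOG and HANDLE_LOG are constructed for
illustration and are not telemetry from the sandbox run.
"""
import re
from dataclasses import dataclass

# From the extracted config (family darkcomet, botnet "Guest16").
C2 = "aylin.sytes.net:1604"
MUTEX = "DC_MUTEX-31JYQDU"
# Assumption (generalisation): other builds reuse the DC_MUTEX- prefix
# with a different suffix, so the prefix is hunted as a weaker signal.
MUTEX_FAMILY = re.compile(r"\bDC_MUTEX-[A-Z0-9]+\b")

# Constructed sample telemetry, not from the report.
DNS_LOG = [
    "2025-02-22T10:01:02Z client=10.0.0.5 query=aylin.sytes.net answer=203.0.113.10",
    "2025-02-22T10:01:05Z client=10.0.0.7 query=update.example.net answer=198.51.100.3",
]
CONN_LOG = [
    "2025-02-22T10:01:03Z src=10.0.0.5:51234 dst=203.0.113.10:1604 proto=tcp",
    "2025-02-22T10:01:06Z src=10.0.0.7:51235 dst=198.51.100.3:1604 proto=tcp",  # same port, unrelated host
    "2025-02-22T10:01:07Z src=10.0.0.5:51236 dst=203.0.113.10:443 proto=tcp",   # C2 address, other port
]
HANDLE_LOG = [
    r"pid=4120 type=Mutant name=\Sessions\1\BaseNamedObjects\DC_MUTEX-31JYQDU",
    r"pid=5008 type=Mutant name=\Sessions\1\BaseNamedObjects\DC_MUTEX-K7Q2A1B",
    r"pid=612 type=Mutant name=\BaseNamedObjects\SM0:612:120:WilStaging_02",
]


@dataclass(frozen=True)
class Hit:
    source: str     # dns / conn / mutex / mutex-family
    indicator: str  # the indicator that matched
    evidence: str   # the telemetry line it matched in


def split_c2(c2: str) -> tuple[str, int]:
    """'host:port' -> (host, port); raises if the port is missing or non-numeric."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"C2 entry without a numeric port: {c2!r}")
    return host, int(port)


DNS_RE = re.compile(r"query=(?P<q>\S+)\s+answer=(?P<a>\S+)")
CONN_RE = re.compile(r"dst=(?P<ip>[0-9.]+):(?P<port>\d+)")
NAME_RE = re.compile(r"name=(?P<name>\S+)")


def hunt_dns(dns_log, host):
    """Return (hits, resolved_ips) for lookups of the C2 hostname."""
    hits, ips = [], set()
    for line in dns_log:
        m = DNS_RE.search(line)
        if m and m.group("q").lower() == host.lower():
            hits.append(Hit("dns", host, line))
            ips.add(m.group("a"))
    return hits, ips


def hunt_connections(conn_log, ips, port):
    """Match only connections on the C2 port to an address the C2 name resolved to."""
    hits = []
    for line in conn_log:
        m = CONN_RE.search(line)
        if m and m.group("ip") in ips and int(m.group("port")) == port:
            hits.append(Hit("conn", f"{m.group('ip')}:{port}", line))
    return hits


def hunt_mutexes(handle_log):
    """Exact mutex from the config first; family prefix as a weaker signal."""
    hits = []
    for line in handle_log:
        m = NAME_RE.search(line)
        if not m:
            continue
        name = m.group("name").rsplit("\\", 1)[-1]  # strip the object directory
        if name == MUTEX:
            hits.append(Hit("mutex", MUTEX, line))
        elif MUTEX_FAMILY.fullmatch(name):
            hits.append(Hit("mutex-family", name, line))
    return hits


def hunt(dns_log=DNS_LOG, conn_log=CONN_LOG, handle_log=HANDLE_LOG, c2=C2):
    """Run all three hunts; connection hits depend on the DNS pivot."""
    host, port = split_c2(c2)
    dns_hits, ips = hunt_dns(dns_log, host)
    return dns_hits + hunt_connections(conn_log, ips, port) + hunt_mutexes(handle_log)


if __name__ == "__main__":
    for h in hunt():
        print(f"[{h.source}] {h.indicator}: {h.evidence}")
```

With install, persistence and offline_keylogger all false in this config, the mutex is the main host-side artefact to expect while the process is running; there is no reason to expect a dropped copy of the binary or a run key, so the DNS and connection hunts carry most of the weight after the process exits.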
Targets
-
-
Target
JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8
-
Size
670KB
-
MD5
1bf9a9492b9ac58b5d373a50d7246dc8
-
SHA1
5243ff1715dc606f930523ebee4495fc0e1dc5db
-
SHA256
6971dddc3354f715fc61c7e7d326283d706134f4329b01baa3310f27ac38d81b
-
SHA512
1f71371c4bd2be2ed344d2ccf77af267c12691592ba3efc75ef44e2b9b59398ff39848f877b546ab7ffdb3776a6937c4972eca1c245687db2d11d687afc7b719
-
SSDEEP
12288:O+z5fbEsE580WSBduc3AcVetVA3Mo8OY+ezt9CHFt9c:XN+qvCMc3LYt0COot9Cj9c
-
Darkcomet family
-
Checks BIOS information in registry
BIOS and system manufacturer strings are read from the registry (typically under HKLM\HARDWARE\DESCRIPTION\System) to detect a virtual machine or sandbox, since vendor strings such as VMware or VirtualBox identify the analysis environment; a sample that finds them may change behaviour or exit.
-
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the step in process hollowing (RunPE) where the entry point of a suspended process is redirected to an injected image before ResumeThread; with install and persistence both false in the extracted config, the payload is expected to run inside a hollowed host process rather than from a dropped file.
-