General
  Target: JaffaCakes118_20746aab4343e0a87457d97e04a93d5c
  Size: 684KB
  Sample: 250223-m28y5swjt6
  MD5: 20746aab4343e0a87457d97e04a93d5c
  SHA1: 0f6d160d9aa0bbb6d27749af3ea459a9094f01e6
  SHA256: 2c74c3f6ebc523b2e7d92cd5337c836e7ec9d59f39f1be4f7500f12a22fa0870
  SHA512: 9cd36b13ff7c184aa8a5cc7a9c695be5494967b611915f9ea66dbdfba94f0a96735a73dd552c19e1b95016dfd15b28b05e4245f0e38b89b49d68f71063d3d9ef
  SSDEEP: 12288:WG8xLD1dR6sVpdgzQIO0Ew+4ui35Y5AhyL/mkL5jD2pq1IkTuWwgqC:WhdP6seEIxEJ4ZQxGkT1n

Static task: static1

Behavioral task: behavioral1
  Sample: JaffaCakes118_20746aab4343e0a87457d97e04a93d5c.exe
  Resource: win7-20240903-en

Malware Config

Extracted: darkcomet
  Guest16
  ernesc.no-ip.biz:4662
  DC_MUTEX-NJR4ZM2
  gencode: zYGLd1xpsEfX
  install: false
  offline_keylogger: true
  password: h8you
  persistence: false

Extracted: darkcomet
  gencode:
  install: false
  offline_keylogger: false
  persistence: false
Targets
  Target: JaffaCakes118_20746aab4343e0a87457d97e04a93d5c (684KB; hashes as listed under General above)
  Signatures:
    Darkcomet family
    Modifies firewall policy service
    Suspicious use of SetThreadContext