General

Target: JaffaCakes118_20cc1d87a95f7c4168b87e7528275ab1
Size: 1.6MB
Sample: 250223-n5x7gswmgv
MD5: 20cc1d87a95f7c4168b87e7528275ab1
SHA1: d4d51666e5879d32bc4d9831a93799acb30f5df5
SHA256: 704976f44de6ca3c595387327bef12fe593cf908de0a70255bf06dc896644818
SHA512: 170e830418b297e14807ae0b0e7d29099751e122b2d48e52601b6eee7ba7d083940be0d9e512987786f2e6c0546e0e85d697226e130482708b2a7bd7dd0a66b6
SSDEEP: 24576:uX5hPA2aHl1EPlQzhRbkrf0Cx/9pk6H3Ty9+RyALSQseBoSQseBglubgKdlubgY:S5epFqNShRbuQ6XT0nMSe+SeG4sKd4sY
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_20cc1d87a95f7c4168b87e7528275ab1.exe
Resource: win7-20240903-en
Malware Config

Extracted family: darkcomet
Campaign ID: Guest16
C2: hack93120.no-ip.org:1024
Mutex: DC_MUTEX-F54S21D
gencode: oQ46#KS+JFqX
install: false
offline_keylogger: true
persistence: false

Guest16 is the DarkComet builder's default campaign ID, so this build was left with stock settings apart from the C2 and mutex. With install and persistence both false the implant is not configured to copy itself or add a startup entry, so the durable host indicator is the mutex created at run time. The C2 is a no-ip dynamic DNS hostname, so the hostname, not any IP it resolved to during the run, is the indicator to pivot on.
Targets

Target: JaffaCakes118_20cc1d87a95f7c4168b87e7528275ab1
Size: 1.6MB
Darkcomet family
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Suspicious use of SetThreadContext: changing another thread's context is characteristic of process hollowing / RunPE-style injection, where a payload is written into a suspended process and its start address redirected. On its own this is a heuristic, so confirm it by dumping the memory of the process that received the new context.
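The extracted config and the registry-check signatures above translate directly into host and log indicators. The following is an added example, not code from the report or the sandbox, that turns the config values into indicators and runs them, together with the two registry checks, over a few constructed API-trace lines. The trace format, and the registry keys assumed to lie behind "Checks BIOS information in registry" (HARDWARE\DESCRIPTION\System\SystemBiosVersion and siblings) and "Checks computer location settings" (Control Panel\International\Geo\Nation), are assumptions; the report names the behaviour, not the keys.

```python
import re
from dataclasses import dataclass

# Values copied from the extracted DarkComet config in the report above.
DARKCOMET_CONFIG = {
    "campaign_id": "Guest16",
    "c2": "hack93120.no-ip.org:1024",
    "mutex": "DC_MUTEX-F54S21D",
    "gencode": "oQ46#KS+JFqX",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}

# Assumed registry locations behind the two "Checks ..." signatures; the
# report names the behaviour, not the exact keys, so these are an assumption.
BIOS_KEY_RE = re.compile(
    r"HARDWARE\\DESCRIPTION\\System\\(?:SystemBiosVersion|SystemBiosDate|VideoBiosVersion)",
    re.IGNORECASE,
)
GEO_KEY_RE = re.compile(r"Control Panel\\International\\Geo\\Nation", re.IGNORECASE)


def iocs_from_config(cfg):
    """Turn the extracted config into host-independent indicators.

    The C2 is a dynamic-DNS hostname, so the hostname (not a resolved IP)
    is the stable indicator; the mutex is created on every run, including
    builds with install/persistence disabled like this one.
    """
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
    }


@dataclass(frozen=True)
class Hit:
    rule: str
    line: str


def scan(lines, iocs):
    """Match each trace line against the config IOCs and the two registry
    checks; a single line may fire more than one rule."""
    hits = []
    for line in lines:
        if iocs["mutex"] in line:
            hits.append(Hit("darkcomet_mutex", line))
        if iocs["c2_host"] in line.lower():
            hits.append(Hit("darkcomet_c2_host", line))
        if BIOS_KEY_RE.search(line):
            hits.append(Hit("bios_registry_read", line))
        if GEO_KEY_RE.search(line):
            hits.append(Hit("geo_registry_read", line))
    return hits


# Constructed API-trace lines in a made-up format, not output from the
# sandbox run; the last line is benign and must not match anything.
SAMPLE_TRACE = [
    "CreateMutexW name=DC_MUTEX-F54S21D",
    r"RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegQueryValueExW key=HKCU\Control Panel\International\Geo\Nation",
    "getaddrinfo node=HACK93120.no-ip.org service=1024",
    r"CreateFileW path=C:\Users\Admin\Desktop\notes.txt",
]


def summarize(lines=SAMPLE_TRACE, cfg=DARKCOMET_CONFIG):
    """Return the sorted set of rule names that fired, for quick triage."""
    return sorted({h.rule for h in scan(lines, iocs_from_config(cfg))})


if __name__ == "__main__":
    for hit in scan(SAMPLE_TRACE, iocs_from_config(DARKCOMET_CONFIG)):
        print(f"{hit.rule:20} {hit.line}")
```

The hostname match is case-insensitive and port-agnostic on purpose: the same DarkComet build may be re-pointed at a different port, and resolver logs rarely preserve case. The BIOS and Geo rules are generic sandbox-evasion and geofence tells rather than DarkComet-specific, so treat them as corroboration next to the mutex or C2 hit, not as a verdict on their own.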