General

Target: JaffaCakes118_20be02e2dca6e816b351cac4bd6fd5e7
Size: 735KB
Sample: 250223-ny1n2awlhy
MD5: 20be02e2dca6e816b351cac4bd6fd5e7
SHA1: 6c55cee0d4a8623292f3e78a148f608debc06f54
SHA256: 3567e8257e1f08cd869bfe768f499fd14f68142f2ef52671ea091e29a17db640
SHA512: cd19062da3bf6c17bef27816c0e20de472b0199e6628ca7ffa639e476600bdec2520f228baef4eee2f6f76b56d550cfa68081067614aba9669d03b2c909b6500
SSDEEP: 12288:fYc2fDVmFAu+NSCq/ZoKkJH60EOW3e+3JCcFuHE/PfWrXitKmw5oeNI0PVL9kU/F:QcW1NzqBozOu+QYuHE/0oeNIO9kU/xVF
Static task: static1

Behavioral task: behavioral1
  Sample: JaffaCakes118_20be02e2dca6e816b351cac4bd6fd5e7.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: JaffaCakes118_20be02e2dca6e816b351cac4bd6fd5e7.exe
  Resource: win10v2004-20250217-en
Malware Config

Extracted: darkcomet
Guest16
81.184.154.233:1604
DC_MUTEX-F54S21D
gencode: tV+f#VWgBA�w
install: false
offline_keylogger: false
persistence: false

Extracted: darkcomet
gencode:
install: false
offline_keylogger: false
persistence: false
Targets

Target: JaffaCakes118_20be02e2dca6e816b351cac4bd6fd5e7
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext