General

Target: JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5
Size: 1.2MB
Sample: 250302-1vyfqawxfy
MD5: 42db693873e90e804ea9bcbc7e92b6e5
SHA1: 22cb387a52f784a0ac8e2912ba4940d387258ead
SHA256: 96e12a4802f39174e4d4a69a3f1c8a728d10e17dee86f53cc9d8c8f04ae18ccc
SHA512: d69c6ff4032bcc8f99c470ad065443d53752bdde215eeac36ce08d4db379570359fde6c7b2e4e42edd8ea662442df6f4e710ce2f48fb048f572ac33a82074d59
SSDEEP: 24576:kxldkEzqWNbmLGDyTtzawCKkP+aN38UHrZC:kjXuWyecQwTi+wLHrZ

Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5.exe
Resource: win10v2004-20250217-en
Malware Config

Extracted: darkcomet (partial extraction: botnet ID, C2 and mutex not recovered)
gencode: (empty)
install: false
offline_keylogger: false
persistence: false

Extracted: darkcomet
Botnet: Guest16
C2: dc531.no-ip.biz:1604
Mutex: DC_MUTEX-4CUBAHY
gencode: dRQbfGal#7=i
install: false
offline_keylogger: true
persistence: false
Targets

Target: JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5
Size: 1.2MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General

Signatures:
- Darkcomet family
- Windows security bypass
- Uses the VBS compiler for execution (vbc.exe launched as a host process)
- Adds Run key to start application
- Suspicious use of SetThreadContext (together with the vbc.exe launch above, this is the pattern seen when a payload is written into a suspended child process and its thread context redirected; confirm against the process tree rather than from the signature name alone)
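The two extractions under Malware Config and the behavioural signatures above are what a config extractor and a triage signature engine produce from the sample. The following is an added example, not code from the sandbox vendor or from the sample, showing how such fields are recovered: a DarkComet-style config block is RC4-decrypted, its KEY={value} lines are parsed, and the result is mapped onto the same names the report uses (botnet, C2, mutex, gencode, install, persistence, offline_keylogger). Assumptions: the RC4 key, the hex-encoded resource layout and the key names (MUTEX, SID, NETDATA, GENCODE, INSTALL, KEYNAME, PERSINST, PERS, OFFLINEK) follow the commonly documented DarkComet 5.x format; the plaintext config is constructed here from the values the report lists and is not a dump of the sample's real resource.

```python
"""
Decrypt and parse a DarkComet-style config block and derive the fields a
triage report shows for it. Added example; not the sandbox's or the sample's code.
Assumed: RC4 key, hex resource encoding and KEY={value} names (DarkComet 5.x
as commonly documented). The config text is constructed from the report's values.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed: DarkComet 5.1 builds are documented as using this RC4 key; other
# versions use different keys, so a real extractor tries several.
RC4_KEY = b"#KCMDDC51#-890"

# Constructed plaintext using the values shown in the report (key names assumed).
CONSTRUCTED_CONFIG = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-4CUBAHY}\r\n"
    "SID={Guest16}\r\n"
    "FWB={0}\r\n"
    "NETDATA={dc531.no-ip.biz:1604}\r\n"
    "GENCODE={dRQbfGal#7=i}\r\n"
    "INSTALL={0}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "PERSINST={0}\r\n"
    "PERS={0}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)

_KV = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so one function encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_resource(plaintext: str, key: bytes = RC4_KEY) -> str:
    """Simulate the hex-encoded, RC4-encrypted resource blob (constructed data)."""
    return rc4(key, plaintext.encode("latin-1")).hex().upper()


def parse_config(text: str) -> dict[str, str]:
    """Turn KEY={value} lines into a dict; the BEGIN/EOF marker lines are ignored."""
    cfg: dict[str, str] = {}
    for line in text.splitlines():
        m = _KV.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def _flag(cfg: dict[str, str], name: str) -> bool:
    return cfg.get(name, "0").strip() == "1"


@dataclass
class Indicators:
    botnet: str
    c2: list[tuple[str, int]]
    mutex: str
    gencode: str
    install: bool
    persistence: bool
    offline_keylogger: bool
    run_key_name: str | None  # only meaningful when the install flag is set


def to_indicators(cfg: dict[str, str]) -> Indicators:
    """Map raw config keys onto the field names the report displays."""
    c2: list[tuple[str, int]] = []
    for entry in cfg.get("NETDATA", "").split("|"):  # assumed '|' separator
        host, _, port = entry.strip().rpartition(":")
        if host and port.isdigit():
            c2.append((host, int(port)))
    install = _flag(cfg, "INSTALL")
    return Indicators(
        botnet=cfg.get("SID", ""),
        c2=c2,
        mutex=cfg.get("MUTEX", ""),
        gencode=cfg.get("GENCODE", ""),
        install=install,
        persistence=_flag(cfg, "PERSINST") or _flag(cfg, "PERS"),
        offline_keylogger=_flag(cfg, "OFFLINEK"),
        run_key_name=(cfg.get("KEYNAME") or None) if install else None,
    )


def extract_from_resource(hex_blob: str, key: bytes = RC4_KEY) -> Indicators:
    """Decrypt a hex resource blob and parse it; a wrong key raises ValueError."""
    plain = rc4(key, bytes.fromhex(hex_blob)).decode("latin-1")
    if "#BEGIN DARKCOMET DATA" not in plain:
        raise ValueError("not a DarkComet config, or wrong RC4 key for this build")
    return to_indicators(parse_config(plain))


if __name__ == "__main__":
    print(extract_from_resource(build_resource(CONSTRUCTED_CONFIG)))
```

The first extraction in the report, with an empty gencode and no botnet, C2 or mutex, is what this pipeline yields when the decrypted block parses but most keys are missing or the wrong key was tried, which is why the marker check above rejects garbage outright. Note also that the report's config says install and persistence are false while the behavioural signatures include a Run key write: a practitioner should attribute that key to the stage that launches vbc.exe in the process tree rather than assume it came from the config's KEYNAME setting.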