General
Target: JaffaCakes118_40ba961e9beb224042656f64b6eec80b
Size: 748KB
Sample: 250302-rg8vvswwhy
MD5: 40ba961e9beb224042656f64b6eec80b
SHA1: fe65f5c419b28c5222fda70ecd1d3a2589023ee9
SHA256: 2856282de5368454c64543081f3b8b884fe7a892343bcdf660c6522fdd1b74ee
SHA512: c53926b54783e9d00f17ca96c7a280d3b07561d4cf960dfca1a73da4d802c7c23455d19860107946fc318282ec712b4e063dd71f1b07ca09db6ace1502eac70c
SSDEEP: 12288:FNqrq0g98UFlIHAIydOYYkQ1jNgiYaLfC8yhu6xOd6ptjtmWMF:FNAqlKUFl6OlqSiYaLRyhCsmWM

Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_40ba961e9beb224042656f64b6eec80b.exe
Resource: win7-20241010-en
Malware Config
Extracted: darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false

Extracted: darkcomet
- Guest16
- darkcometlegacy.no-ip.org:1604
- darkcometlegacy.no-ip.org:1605
- DC_MUTEX-M6A7Y0W
- gencode: 1JLFkqXTc2f8
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Darkcomet family
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext