General
- Target: JaffaCakes118_45a4332db473d1a926865417d27680aa
- Size: 1.5MB
- Sample: 250303-h5b2cs1ry2
- MD5: 45a4332db473d1a926865417d27680aa
- SHA1: 923bbf6f8d8c65b74cb6814df891ef4b39725ee8
- SHA256: 1e89216b93174764bc186021d802876c53c7bcd95828dee09fd3b5487ca35238
- SHA512: 6f8c662631b6a6e4cdb9e6144f48ecbfedc058e33cfd82a585cf56d223637b28cffe59096db9096f8a1c3200785cb1144c31d097c3daacd0cde230552331f7b6
- SSDEEP: 24576:aCOzVhi4hbsJoFYok9QAn/rEXgb9wgnMAjkSJq/wGG38CDt42lppgR5l9MvJCkbR:SRhdFy9dDEQJ95A03oHlWR7J

Static task
- static1

Behavioral task
- behavioral1
  - Sample: JaffaCakes118_45a4332db473d1a926865417d27680aa.exe
  - Resource: win7-20241010-en

Malware Config
Extracted
- Family: darkcomet
- Guest16
- 192.168.1.5:1604
- DC_MUTEX-F54S21D
- gencode: BofK5G67cZQp
- install: false
- offline_keylogger: false
- persistence: false

Targets
- Target: JaffaCakes118_45a4332db473d1a926865417d27680aa
- Size: 1.5MB
- MD5: 45a4332db473d1a926865417d27680aa
- SHA1: 923bbf6f8d8c65b74cb6814df891ef4b39725ee8
- SHA256: 1e89216b93174764bc186021d802876c53c7bcd95828dee09fd3b5487ca35238
- SHA512: 6f8c662631b6a6e4cdb9e6144f48ecbfedc058e33cfd82a585cf56d223637b28cffe59096db9096f8a1c3200785cb1144c31d097c3daacd0cde230552331f7b6
- SSDEEP: 24576:aCOzVhi4hbsJoFYok9QAn/rEXgb9wgnMAjkSJq/wGG38CDt42lppgR5l9MvJCkbR:SRhdFy9dDEQJ95A03oHlWR7J

Signatures
- Darkcomet family
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Windows security modification