General
Target: JaffaCakes118_45857bbffb891186037f68ce794caf14
Size: 401KB
Sample: 250303-hpzgqa1sez
MD5: 45857bbffb891186037f68ce794caf14
SHA1: 9f0266bb7603f1d538ca29a8ae926715c301a3db
SHA256: 365287de5b3d9ca8b23475a4fe6c693d0fe4562e33fd4d59ec7b57f3a175c2c3
SHA512: 6d4df272f741832958a57ba522f86c23b9b121dba1d772ebf38dd7e240bfc881fbf74ff100e9029bd72ffc0b32d44f55586e52b1aea18ce9b5c9d739d2250ece
SSDEEP: 12288:Ts3u96999999999999999999999999999D9999999O999999999999999999999B:w3u9699999999999999999999999999y
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_45857bbffb891186037f68ce794caf14.exe
Resource
win7-20241023-en
Malware Config
Extracted
darkcomet
Guest16
adriendk69.no-ip.org:1604
DC_MUTEX-418L84R
gencode: 4JBkctSebjFN
install: false
offline_keylogger: true
persistence: false
Targets
Target
JaffaCakes118_45857bbffb891186037f68ce794caf14
-
Darkcomet family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext