General
Target: 0c69c924ecebda558a61667fff2e66cf_JaffaCakes118
Size: 300KB
Sample: 240621-r7vqxsvbja
MD5: 0c69c924ecebda558a61667fff2e66cf
SHA1: e19e4040e1446a38b10e4b2b95b8425ce72810ec
SHA256: 26b5880545074ad76e3af73a7aee7c0c1b7eb1eb8b231caf8e5636cb94beec30
SHA512: eac8d78357e7b0dd5b158dbe03d4efd86aa8d53ccd03100eff02990ff887059b624961fe050de6670ecb71993b72445727967fe178af355b8b1a8f621ab5202a
SSDEEP: 6144:n1fheI/WHYwxqdBtB/0V6sldqUMGq+Eo1jjfqJGkyWGE/1KAWI:1wR4wstB/0VJlqRo1jeGkTGEt
Static task: static1
Behavioral task: behavioral1
Sample: 0c69c924ecebda558a61667fff2e66cf_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
darkcomet
Guest16
darkrider.no-ip.biz:1603
DC_MUTEX-1STF3K5
gencode: csD0439aKfDu
install: false
offline_keylogger: true
persistence: false
Targets
Target: 0c69c924ecebda558a61667fff2e66cf_JaffaCakes118
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext