General
Target: 19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118
Size: 865KB
Sample: 240628-gjaqqsxanq
MD5: 19032a633afb59d6a619f5f9cc1158a2
SHA1: 200eaa035a9caaf10cbbfb6a49208dd006babdf6
SHA256: 35bc08c80902a5f572582183c9b89891cccf2a80b5527e9a00a573e30a0883bb
SHA512: 82a77646c6b1171fcaa311a7408f4a1178cbb8b980c7f030beb6a58766642b68dfdefa0a00f426ce333b11ee7017702f83dacf391ac7b05baf498df2b27b27bd
SSDEEP: 24576:HjmyKIeu4p0/h/2C/LCWWwwndeJNW24sbtv4SPJ:HjZKIeu4p0/52C/+WPwndcNW24sJv4SB
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
Family: darkcomet
Botnet: Skymike2DC_1337
C2: skymike2dc.no-ip.biz:1604
Mutex: DC_MUTEX-F2H6DRH
Attributes:
  - gencode: lpra1CCJYwgT
  - install: false
  - offline_keylogger: true
  - persistence: false
Note: the extracted config reports install=false and persistence=false, yet the behavioral tasks below observed Winlogon and Run key modifications, so do not assess persistence from the config flags alone. The C2 is a dynamic-DNS hostname (no-ip.biz), so hunt on the hostname and the mutex rather than on whatever IP it resolved to during the run; port 1604 is the DarkComet default and on its own is a weak indicator.
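The following is an added example, not part of the sandbox report or of any Triage tooling. It turns the indicators above (file hashes, C2 hostname and port, mutex) into a small hunting script and runs it over constructed DNS, connection and handle-listing lines in a made-up key=value log format; the log format, host names and timestamps are assumptions for illustration only.

```python
import hashlib
import re

# Indicators transcribed from the report above (file hashes, extracted DarkComet config).
REPORT_IOCS = {
    "md5": "19032a633afb59d6a619f5f9cc1158a2",
    "sha1": "200eaa035a9caaf10cbbfb6a49208dd006babdf6",
    "sha256": "35bc08c80902a5f572582183c9b89891cccf2a80b5527e9a00a573e30a0883bb",
    "c2_host": "skymike2dc.no-ip.biz",
    "c2_port": 1604,
    "mutex": "DC_MUTEX-F2H6DRH",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_report_sample(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's digests."""
    digests = hash_bytes(data)
    return all(digests[k] == REPORT_IOCS[k] for k in ("md5", "sha1", "sha256"))


def _host_matches(name: str, c2_host: str) -> bool:
    # Normalise case and a trailing dot; also match subdomains of the C2 host.
    name = name.lower().rstrip(".")
    return name == c2_host or name.endswith("." + c2_host)


def find_c2_dns(lines, c2_host=REPORT_IOCS["c2_host"]):
    """Return DNS log lines whose queried name is the C2 host (or a subdomain of it)."""
    hits = []
    for line in lines:
        m = re.search(r"\bquery=(\S+)", line)
        if m and _host_matches(m.group(1), c2_host):
            hits.append(line)
    return hits


def find_c2_connections(lines, c2_port=REPORT_IOCS["c2_port"]):
    """Return TCP connection records to the C2 port.

    1604 is the DarkComet default port but is a weak indicator by itself;
    correlate these hits with the DNS matches before acting on them."""
    hits = []
    for line in lines:
        m = re.search(r"\bdport=(\d+)\b", line)
        if m and int(m.group(1)) == c2_port and "proto=tcp" in line:
            hits.append(line)
    return hits


def find_mutex(lines, mutex=REPORT_IOCS["mutex"]):
    """Return handle-listing lines whose Mutant object name is the DarkComet mutex."""
    hits = []
    for line in lines:
        m = re.search(r"\bname=(\S+)", line)
        # Object names are full NT paths; compare only the last component.
        if "type=Mutant" in line and m and m.group(1).rsplit("\\", 1)[-1] == mutex:
            hits.append(line)
    return hits


def hunt(dns_lines, conn_lines, handle_lines) -> dict:
    """Run all three indicator checks and return the hits per telemetry source."""
    return {
        "dns": find_c2_dns(dns_lines),
        "connections": find_c2_connections(conn_lines),
        "mutex": find_mutex(handle_lines),
    }


# Constructed sample telemetry (not from the report) for a dry run.
DNS_LOG = [
    "2024-06-28T09:58:01Z host=WS01 query=update.microsoft.com type=A",
    "2024-06-28T09:58:07Z host=WS01 query=SkyMike2DC.no-ip.biz. type=A",
    "2024-06-28T09:58:09Z host=WS02 query=example.no-ip.biz type=A",
]
CONN_LOG = [
    "2024-06-28T09:58:08Z host=WS01 proto=tcp dst=203.0.113.10 dport=1604 bytes=412",
    "2024-06-28T09:58:10Z host=WS01 proto=tcp dst=203.0.113.20 dport=443 bytes=9811",
    "2024-06-28T09:58:11Z host=WS02 proto=udp dst=203.0.113.30 dport=1604 bytes=60",
]
HANDLE_LOG = [
    r"pid=4120 type=Mutant name=\Sessions\1\BaseNamedObjects\DC_MUTEX-F2H6DRH",
    r"pid=4120 type=Event name=\Sessions\1\BaseNamedObjects\SomeEvent",
    r"pid=880 type=Mutant name=\BaseNamedObjects\OtherMutex",
]

if __name__ == "__main__":
    for kind, hits in hunt(DNS_LOG, CONN_LOG, HANDLE_LOG).items():
        print(f"{kind}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

The DNS check deliberately ignores case and a trailing dot and accepts subdomains, since resolver logs vary in how they record names; the connection check only returns TCP records because DarkComet's C2 channel is TCP, and the UDP line in the constructed data is left out on purpose.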
Targets
Target: 19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118
Size: 865KB
MD5: 19032a633afb59d6a619f5f9cc1158a2
SHA1: 200eaa035a9caaf10cbbfb6a49208dd006babdf6
SHA256: 35bc08c80902a5f572582183c9b89891cccf2a80b5527e9a00a573e30a0883bb
SHA512: 82a77646c6b1171fcaa311a7408f4a1178cbb8b980c7f030beb6a58766642b68dfdefa0a00f426ce333b11ee7017702f83dacf391ac7b05baf498df2b27b27bd
SSDEEP: 24576:HjmyKIeu4p0/h/2C/LCWWwwndeJNW24sbtv4SPJ:HjZKIeu4p0/52C/+WPwndcNW24sJv4SB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-context injection)
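An added example, not from the report, showing how the two persistence signatures above ("Modifies WinLogon for persistence" and "Adds Run key to start application") can be checked on a host after the fact: it parses a registry export in the standard .reg text format and flags Winlogon Userinit/Shell values that deviate from the stock ones, plus Run/RunOnce entries that launch from user-writable directories. The export text, the user name and the file names in it are constructed for illustration and are not taken from the sample.

```python
import re

# Stock values on a clean Windows install (case-insensitive comparison below).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
# Directories an unprivileged user can write to; autoruns from here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text: str) -> dict:
    """Parse a .reg export into {key_path: {value_name: data}}.

    Only REG_SZ values written as "name"="data" are kept; .reg escapes
    backslashes and quotes with a backslash, which is undone here."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if m:
                name = re.sub(r"\\(.)", r"\1", m.group(1))
                data = re.sub(r"\\(.)", r"\1", m.group(2))
                keys[current][name] = data
    return keys


def check_winlogon(keys: dict) -> list:
    """Return (value, data) pairs for Userinit entries other than userinit.exe
    and for a Shell value other than explorer.exe."""
    findings = []
    values = keys.get(WINLOGON_KEY, {})
    # Userinit is a comma-separated list; stock is userinit.exe alone with a trailing comma.
    for part in values.get("Userinit", "").split(","):
        part = part.strip()
        if part and part.lower() != DEFAULT_USERINIT:
            findings.append(("Userinit", part))
    shell = values.get("Shell", DEFAULT_SHELL)
    if shell.strip().lower() != DEFAULT_SHELL:
        findings.append(("Shell", shell))
    return findings


def check_run_keys(keys: dict) -> list:
    """Return (key, value_name, command) for Run/RunOnce entries under user-writable paths."""
    findings = []
    for key, values in keys.items():
        if not RUN_KEY_RE.search(key):
            continue
        for name, cmd in values.items():
            if any(p in cmd.lower() for p in USER_WRITABLE):
                findings.append((key, name, cmd))
    return findings


def audit(text: str) -> dict:
    keys = parse_reg_export(text)
    return {"winlogon": check_winlogon(keys), "run": check_run_keys(keys)}


# Constructed .reg export (not from the sample) with one Userinit hijack and one
# Run entry pointing into AppData; the OneDrive line is a legitimate look-alike.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\winupd.exe,"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Users\\victim\\AppData\\Roaming\\winupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"""

if __name__ == "__main__":
    for section, hits in audit(REG_EXPORT).items():
        print(section)
        for hit in hits:
            print("   ", hit)
```

The Run-key heuristic is intentionally noisy: the constructed OneDrive entry is flagged alongside the AppData\Roaming binary because both live under a user-writable path. In practice the next step is to allow-list entries whose target is a validly signed binary from a known vendor, and to check whether the flagged file's hashes match the report's before concluding anything.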