General
-
Target
19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118
-
Size
649KB
-
Sample
240628-lskphswarp
-
MD5
19ae0c3eba9091ca7daea2db9b5f3f09
-
SHA1
1e9cf220cccc2155aa0d41ae401d584ebb98863a
-
SHA256
2fa1ab454114dc94dd69ae6e2f2a31270bd7f00e8ea454317791374a767a3cdf
-
SHA512
dd471891a6e439f9babe91dcd10ce60e9d1a9b2857544224fcd94c96d02c72c5c1a1909497c6f7c060f7021405e66b0ecc1395134f604127d9c1d4692db187d5
-
SSDEEP
12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+A:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+G9
Behavioral task
behavioral1
Sample
19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
darkcomet
Habbo Gen
82.41.38.18:1995
DC_MUTEX-5WTNQ5D
-
gencode
Qn34A2Y5nQa0
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-