General
Target: 19e49d8166eaf5fc06026ae2f3afac30_JaffaCakes118
Size: 288KB
Sample: 240628-m8v1vswdqh
MD5: 19e49d8166eaf5fc06026ae2f3afac30
SHA1: d1a8e153c4b99e25f8d4f6f008192a3f3887f316
SHA256: 2a5df6bada9f7a507a04d0889fafd932fdcd12397fa89e4cedae99d101eb8f70
SHA512: 1f92cc879cd5cae759dab561b7bf3658ccd2b9f28c5a87a138d74c9b2c8a6929c558c042cea7c96d5b24068490fa9632a826ced15630174d789516fb0d2b595e
SSDEEP: 6144:bJ/SsodMp6FH1tunYLE0ai8wIQn1D2jyvuC3Gfcbr7KwkpkM0S2:bRStdMYVtuYLEpwIc2fwr7K8
Static task: static1
Behavioral task: behavioral1
Sample: 19e49d8166eaf5fc06026ae2f3afac30_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
darkcomet
Crypt
b6x.no-ip.biz:1604
DC_MUTEX-KQFDPD6
gencode: A3BVkZQqjEkS
install: false
offline_keylogger: true
persistence: false
Targets
Target: 19e49d8166eaf5fc06026ae2f3afac30_JaffaCakes118
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext