General
-
Target
1b742d4c972f61a0c2fa1a2dee12776e_JaffaCakes118
-
Size
1.2MB
-
Sample
240701-qlf5zatele
-
MD5
1b742d4c972f61a0c2fa1a2dee12776e
-
SHA1
35a7d1e82b1a24d4fd00217f22237be8f199654d
-
SHA256
01c863751e1addaec582b4e0b30fc95f56728bed119dda03c633f0bb884f61b2
-
SHA512
2218ab1bb0172e7dc6eb4894eec1226f9ff3e9f52fcd10479709f8be0b8f2b729abf202319babf5d8449bfbd028a2367183125dfd130feeeaa69c91080ecb67e
-
SSDEEP
24576:aaojuhLcuESLjk7PxT3ZXYMtA6zbV25ID2qFycEtq7xLPTASqH9:GShXHLjsrXYM+8h9j2SqH9
Static task
static1
Behavioral task
behavioral1
Sample
1b742d4c972f61a0c2fa1a2dee12776e_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
darkcomet
Dyn
rezausa.dyndns.org:3030
DC_MUTEX-PZMK978
-
gencode
Vpat5HCp7cwE
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
-
Target
1b742d4c972f61a0c2fa1a2dee12776e_JaffaCakes118
-
Size
1.2MB
-
MD5
1b742d4c972f61a0c2fa1a2dee12776e
-
SHA1
35a7d1e82b1a24d4fd00217f22237be8f199654d
-
SHA256
01c863751e1addaec582b4e0b30fc95f56728bed119dda03c633f0bb884f61b2
-
SHA512
2218ab1bb0172e7dc6eb4894eec1226f9ff3e9f52fcd10479709f8be0b8f2b729abf202319babf5d8449bfbd028a2367183125dfd130feeeaa69c91080ecb67e
-
SSDEEP
24576:aaojuhLcuESLjk7PxT3ZXYMtA6zbV25ID2qFycEtq7xLPTASqH9:GShXHLjsrXYM+8h9j2SqH9
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of SetThreadContext
-