General
-
Target
1bd50dc7b3e8edd57e4b285ccdcc3a0f_JaffaCakes118
-
Size
420KB
-
Sample
240701-vslq9azdkc
-
MD5
1bd50dc7b3e8edd57e4b285ccdcc3a0f
-
SHA1
238e5e649d7d08fa9ad55e6b52f64ce2ee1b8184
-
SHA256
6f33293b5249254007d2dce8e8e5514b568f0700164aa8606829287221f50e88
-
SHA512
2c9be630c14e841d06ac867e9852a9a5f64bc003b50b380421550b1ec559823ee90bbb2f0c8a99a0bdcaa809a48fedab9762f1ec32f6b2471173ce654ee10aef
-
SSDEEP
6144:3br+YGcLLr7U00LLLLLLVngnPLLLYMj3yR8OpMXPpGkvAs5HxBlWvHm/ScwSxjtz:3fWMLyirP4kvAQvld/SFSBXu2Xguf8K
Static task
static1
Behavioral task
behavioral1
Sample
1bd50dc7b3e8edd57e4b285ccdcc3a0f_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
darkcomet
-
Botnet
New guys
-
C2
appiething.no-ip.biz:1604
-
Mutex
DC_MUTEX-H48H0Y8
-
gencode
A4BYeJSrCyrP
-
install
false
-
offline_keylogger
true
-
password
sfdsdfdfdfssd
-
persistence
false
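The config fields above come from the sandbox's DarkComet extractor. As an added example, not part of this report and not the sandbox's own extractor code, the Python below shows how such an extraction works: DarkComet stubs carry their configuration as an RC4-encrypted, hex-encoded blob (normally in an RCDATA resource named DCDATA), the RC4 key is a fixed string per builder version, and the plaintext is a set of CRLF-separated `KEY={value}` lines. The key list is the one used by public DarkComet decoders and is assumed here; the encrypted blob fed to the decoder is constructed from the values in this report under the 5.1 key, not dumped from the sample.

```python
"""Decode and parse a DarkComet stub configuration (added example).

Assumptions (not taken from the report): the fixed per-version RC4 key list
below, and that the DCDATA blob is uppercase hex of the RC4 ciphertext.
The sample blob is constructed from the report's config values.
"""
import re
from typing import Dict, Optional

# RC4 keys hard-coded into known DarkComet builder versions (assumed list).
DARKCOMET_KEYS = [
    b"#KCMDDC51#-890",   # 5.1 / 5.3
    b"#KCMDDC5#-890",    # 5.0
    b"#KCMDDC42F#-890",  # 4.2F
    b"#KCMDDC42#-890",   # 4.2
    b"#KCMDDC4#-890",    # 4.x
    b"#KCMDDC2#-890",    # 2.x / 3.x
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


_LINE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_config(plaintext: bytes) -> Dict[str, str]:
    """Turn the decrypted KEY={value} lines into a dict; header/footer lines are skipped."""
    cfg: Dict[str, str] = {}
    for line in plaintext.decode("latin-1").splitlines():
        m = _LINE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def decrypt_dcdata(hex_blob: bytes) -> Optional[Dict[str, str]]:
    """Try every known key; accept the first plaintext that carries a DC_MUTEX- value."""
    raw = bytes.fromhex(hex_blob.decode("ascii"))
    for key in DARKCOMET_KEYS:
        cfg = parse_config(rc4(key, raw))
        if cfg.get("MUTEX", "").startswith("DC_MUTEX-"):
            cfg["_rc4_key"] = key.decode()
            return cfg
    return None


def to_report_fields(cfg: Dict[str, str]) -> Dict[str, object]:
    """Map raw DarkComet keys to the field names used in the report above."""
    return {
        "botnet": cfg.get("SID", ""),
        "c2": cfg.get("NETDATA", ""),
        "mutex": cfg.get("MUTEX", ""),
        "gencode": cfg.get("GENCODE", ""),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "password": cfg.get("PWD", ""),
        "persistence": cfg.get("PERSINST") == "1",
    }


# Constructed sample: the report's values written the way a 5.1 stub stores them.
SAMPLE_CONFIG = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-H48H0Y8}\r\n"
    b"SID={New guys}\r\n"
    b"NETDATA={appiething.no-ip.biz:1604}\r\n"
    b"GENCODE={A4BYeJSrCyrP}\r\n"
    b"INSTALL={0}\r\n"
    b"PERSINST={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"PWD={sfdsdfdfdfssd}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_DCDATA = rc4(DARKCOMET_KEYS[0], SAMPLE_CONFIG).hex().upper().encode()


def extract_sample() -> Optional[Dict[str, object]]:
    """Decode the constructed blob and return report-style fields."""
    cfg = decrypt_dcdata(SAMPLE_DCDATA)
    return to_report_fields(cfg) if cfg else None


if __name__ == "__main__":
    for k, v in (extract_sample() or {}).items():
        print(f"{k}: {v}")
```

Against a real file, pull the RCDATA resource named DCDATA (for instance with pefile) and pass its bytes to `decrypt_dcdata`; the key that succeeds also tells you the builder generation. The `DC_MUTEX-` prefix check is what makes the key loop safe: a wrong key yields garbage that never parses to that mutex line.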
Targets
-
Target
1bd50dc7b3e8edd57e4b285ccdcc3a0f_JaffaCakes118
-
Checks computer location settings
Reads the country code configured in the registry (likely a geofence check).
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext