General
Target: 1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118
Size: 897KB
Sample: 240701-x926nsvhkg
MD5: 1c3f4fee5646b1174d5d4f50924af0ff
SHA1: 4d6b32ff3337020bbe8ee4db9f46d48ce8236756
SHA256: bd776ce9cb5251b38bd212a695e5a9b030ebf1b8f84ee0f055b1b0a852b7b50a
SHA512: 38d3ae81fcd6eedaf016a6f1aea9a942dc4e44684cc09c64aac70b398c6456f4017de02a8f71c21a40137da21944f6af017b17f77f61ffe2e9d62979291cfb22
SSDEEP: 24576:XaGo7wr6HAslncJgpy2Psjx12xIRZwthcVM:LqAQsCwx1qi1VM
Static task: static1
Behavioral task: behavioral1
Sample: 1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted
darkcomet
Kurban
127.0.0.1:81
DC_MUTEX-C0CFCCE
gencode: 67P1Xnr8ZpiX
install: false
offline_keylogger: true
persistence: false
Targets
Target: 1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext