General
-
Target
1c17e4a92baa5d7b52b95094b2172963_JaffaCakes118
-
Size
1016KB
-
Sample
240701-xcl37atbjg
-
MD5
1c17e4a92baa5d7b52b95094b2172963
-
SHA1
e26e6da69e7ce8dc8fabc2382f19e4d85132ddc4
-
SHA256
d5b1abc26bea2c55743f859164b149b9a402a936258ee9b1ee35dae0b8c7b2d2
-
SHA512
97d77a9d954dbfef8c406b9d4802ca5d1a14214785cf45df5ffe0d6c65b2f1262ce3b5aec54e475959aeaca29bca0c886b3659c04c4acc3e2f4f825af75cc79b
-
SSDEEP
24576:Nc/2H4k7ywop9i85kc1pMNpvbnX2bV8tSyh7T:++H49p9LZM7bnX2ZISyh7
Static task
static1
Behavioral task
behavioral1
Sample
1c17e4a92baa5d7b52b95094b2172963_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1c17e4a92baa5d7b52b95094b2172963_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
Perk
perk.no-ip.org:1604
DC_MUTEX-X5ELGV5
-
gencode
n0kiaotACnAR
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Target
1c17e4a92baa5d7b52b95094b2172963_JaffaCakes118
-
Score
10/10
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-