General
-
Target
21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118
-
Size
346KB
-
Sample
240703-kjjkesyerj
-
MD5
21ba5dec8e7d7021a398190eda82c90a
-
SHA1
212fea82dca086308043dbc27c17791b8aae5863
-
SHA256
e80730c033226893146971da32d924fd368df56a340523c03752c92e971e317f
-
SHA512
cfb5c1ba3e5f1d296cc0e6fd2c036e9f9bb907da2fc82b7d636d9e837d79b6fccf8e1b41a98d4da91916f58a658708b6b19626e7a0c9729b351c9df26ba77957
-
SSDEEP
6144:kScwMXuUrdIHwfBrvGv8PC4SMhroCaBbONqDFenq64WXy2w4wjvX1KID52kz:kSpordIibPC4SMX74Fiqj5P1D5
Static task
static1
Behavioral task
behavioral1
Sample
21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
darkcomet
Guest16
smr9.no-ip.org:1604
DC_MUTEX-G4HJPCR
-
InstallPath
MSDCSC\lsass
-
gencode
4RT1F8YxjhmW
-
install
true
-
offline_keylogger
false
-
password
123456
-
persistence
true
-
reg_key
lsass
Targets
-
Modifies WinLogon for persistence
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-