General

  • Target

    f35cec3eacc50d65da694d4a78915a23_JaffaCakes118

  • Size

    658KB

  • MD5

    f35cec3eacc50d65da694d4a78915a23

  • SHA1

    c9e64bf495a16056b9b4d84b13e7cf662580f0d2

  • SHA256

    50eead865b8c7f1340eed849b3b4cedaa1285e1d2e398f88b79de416b94b5ddd

  • SHA512

    a2bf10ac563130d2eaaf7f28b6b9d3ff4add702fe475fa2d54c66f64afd1d0dabe2b8c7522c28d4f1b1a34df46dd43b194bcefd2350fd244635761de889d20b5

  • SSDEEP

    12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLd9Ek5C/hU:+Z1xuVVjfFoynPaVBUR8f+kN1PEBq

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

ersg2013.zapto.org:28

Mutex

DC_MUTEX-GY2H3ER

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    52QzXvZVaWLU

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate
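
The extracted config above (mutex, install path, Run-key value name, C2 host and port, and the file hashes in the General section) is exactly the set of indicators a responder would push into host and network telemetry. The following is an added example, not part of the sandbox report: it matches constructed telemetry records against those IoCs and groups hits per host. The `Event` record format, the sample events, and the assumption that `MicroUpdate` appears as a Run-key value name are mine; the indicator values are copied verbatim from the report.

```python
"""Match host/network telemetry against the DarkComet IoCs in the report above.

Added example, not part of the sandbox report. Indicator values are copied
from the report; the Event record format and SAMPLE_EVENTS are constructed.
"""
from dataclasses import dataclass

# Indicators taken verbatim from the report.
IOCS = {
    "mutex": "DC_MUTEX-GY2H3ER",
    "install_path": r"MSDCSC\msdcsc.exe",   # relative path; matched as a suffix
    "reg_value": "MicroUpdate",             # value name; hive/key is assumed, see match_event
    "c2_host": "ersg2013.zapto.org",
    "c2_port": 28,
    "sha256": "50eead865b8c7f1340eed849b3b4cedaa1285e1d2e398f88b79de416b94b5ddd",
}


@dataclass(frozen=True)
class Event:
    host: str
    kind: str        # "mutex", "file_write", "reg_set", "dns", "connect", "process"
    value: str
    extra: str = ""  # SHA256 for "process" events; unused otherwise


def _norm(s):
    return s.strip().lower()


def match_event(ev, iocs=IOCS):
    """Return the name of the indicator this event matches, or None."""
    v = _norm(ev.value)
    if ev.kind == "mutex" and v == _norm(iocs["mutex"]):
        return "mutex"
    if ev.kind == "file_write" and v.endswith(_norm(iocs["install_path"])):
        return "install_path"
    if ev.kind == "reg_set":
        # The report gives only the value name, so compare just the last path
        # component and leave the hive/key open (assumption, not from the report).
        if v.rsplit("\\", 1)[-1] == _norm(iocs["reg_value"]):
            return "reg_value"
    if ev.kind == "dns" and v.rstrip(".") == _norm(iocs["c2_host"]):
        return "c2_host"
    if ev.kind == "connect":
        host, _, port = v.rpartition(":")
        if host == _norm(iocs["c2_host"]) and port.isdigit() and int(port) == iocs["c2_port"]:
            return "c2_host"
    if ev.kind == "process" and _norm(ev.extra) == iocs["sha256"]:
        return "sha256"
    return None


def triage(events, iocs=IOCS):
    """Group matched indicator names per host: {host: sorted list of names}."""
    hits = {}
    for ev in events:
        name = match_event(ev, iocs)
        if name:
            hits.setdefault(ev.host, set()).add(name)
    return {h: sorted(s) for h, s in hits.items()}


# Constructed telemetry: ws01 is infected, ws02 is clean noise.
SAMPLE_EVENTS = [
    Event("ws01", "process", r"C:\Users\bob\Downloads\invoice.exe",
          "50eead865b8c7f1340eed849b3b4cedaa1285e1d2e398f88b79de416b94b5ddd"),
    Event("ws01", "mutex", "DC_MUTEX-GY2H3ER"),
    Event("ws01", "file_write", r"C:\Users\bob\AppData\Roaming\MSDCSC\msdcsc.exe"),
    Event("ws01", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate"),
    Event("ws01", "dns", "ersg2013.zapto.org"),
    Event("ws01", "connect", "ersg2013.zapto.org:28"),
    Event("ws02", "mutex", r"Global\SomeUnrelatedMutex"),
    Event("ws02", "dns", "update.microsoft.com"),
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(names))
```

The mutex is the strongest single indicator here: DarkComet derives it from the per-build `gencode`, so `DC_MUTEX-GY2H3ER` is specific to this configuration, whereas the DDNS host may be reused across builds and the hash only catches the unmodified binary.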

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Rule fires when the PE carries no Authenticode signature; this sample is unsigned.

Files

  • f35cec3eacc50d65da694d4a78915a23_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd
