General

  • Target

    0104907eed9e54c2419933d635c8882b_JaffaCakes118

  • Size

    709KB

  • MD5

    0104907eed9e54c2419933d635c8882b

  • SHA1

    1e492614b76775c37f5bf453dabf10f459231f16

  • SHA256

    fba5cb745a133db3a20043a8a255515a43e851cd22218688b76b7f5fad4a6108

  • SHA512

    fb4d3b6a020c4c6aaa5f3854c91aa84918fb3b327bdbbce11f67c972bfa8d4940f2b6b27b9134c6ddba051e7f5346b975e7754323aca967af73258958d924936

  • SSDEEP

    12288:Y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hwe5V9w5P:MZ1xuVVjfFoynPaVBUR8f+kN10EBSOVa

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

New

C2

guadagnareonline.hopto.org:1604

Mutex

DC_MUTEX-STBVEMZ

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    Usi3icsCEkiS

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0104907eed9e54c2419933d635c8882b_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd


    Headers

    Imports

    Sections