General

  • Target

    1fe626bf863003dcbc182ff06555eda8_JaffaCakes118

  • Size

    658KB

  • MD5

    1fe626bf863003dcbc182ff06555eda8

  • SHA1

    32eae2194d7d43e1a89b8cb9dd64645ce1fd49ff

  • SHA256

    0c665dd5d03c805679f78902dbc226d065a46531767a615b17fd97f6344f9cf4

  • SHA512

    43fab0b31a81a338cc9fef23e32ae73a65d83c61356fcb89f4068fb03aa87c4c9bd3211e1b29a4f2fdbb7c1c7a49090f29213fb7165586b05e8616e7ec2d6056

  • SSDEEP

    12288:C9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFj:uiBIGkbxqEcjsWiDxguehC2Sw

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

vladshara.ddns.net:1604

Mutex

DC_MUTEX-K5TFQGG

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    SE4BgDmqbg2y

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1fe626bf863003dcbc182ff06555eda8_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    8033c11f8a2fdfc317e8655120579933

