General

  • Target

    176ce8ced727581cc9f115c5aa55edea_JaffaCakes118

  • Size

    649KB

  • MD5

    176ce8ced727581cc9f115c5aa55edea

  • SHA1

    5f927c97f132d52defe29a7b8c54603187570d1c

  • SHA256

    58d1d43c864ff4a3926e02151ec48a9038586394ad3e3bb9193dc26e35718487

  • SHA512

    e0b3901ae184dfda7ebfa8903d2daa3076d96310d28407adfd2c8932b9c872e6e486c12daefe1e1d5568437d54198bcf13c8b7dd650d156c99cd1cc7547cc96b

  • SSDEEP

    12288:Nk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aV7:+0QpGih4bd0rv5+l5szLXj917cqPu91L

Score
10/10

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    s3rv3r-2

  • C2

    tengxunsafeupdate.servecounterstrike.com:82

  • Mutex

    DCMIN_MUTEX-2NZCBWP

Attributes
  • InstallPath

    WinDefender.exe

  • gencode

    2mzxGWP6uod7

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    WindowsDefender

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 176ce8ced727581cc9f115c5aa55edea_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    d9ad5efdb5472496d0fe8dd4305f55f0
