General

  • Target

    2cfdb66ba3dd6feff117947e64443557_JaffaCakes118

  • Size

    758KB

  • MD5

    2cfdb66ba3dd6feff117947e64443557

  • SHA1

    ce88af59118aad643c203bc9b7956e18df5d2f59

  • SHA256

    14b6f1b8dd76bcdda430a82da4bd7a8d1403df104cea1e7068de771773a98fd3

  • SHA512

    72a0ad02a0127cbe5e17292e452dca717410b76162b60e8338233d4b5bf60c80f2430fb1b0bcbea3a540cf749a4523970869d77aeeabe2239944f36214608422

  • SSDEEP

    12288:6XhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uz:knAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jj

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Kurbanýmýz

C2

hasanmertsalla.no-ip.org:1604

Mutex

DC_MUTEX-PV6Y7BM

Attributes
  • gencode

    2silwNHYheBa

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2cfdb66ba3dd6feff117947e64443557_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    0476e7cb10dfdf778f67f55072917b7d

