General

  • Target

    31634b736954209b03c9290ff05d7ec3_JaffaCakes118

  • Size

    681KB

  • MD5

    31634b736954209b03c9290ff05d7ec3

  • SHA1

    561a9ff8c51fa4467b2406f0bc0a84e5946e6109

  • SHA256

    2a0b9ade7ec21fd819ef964bd5c687439dc0d32a3132fa57ef08a9ffbaa0d559

  • SHA512

    a98582ffe82a28b96d36fa897e1067acb064cd8ecf72fa49e2a421c6fe481a4a82d84f67b55f2302df91e3e6d7793d1425f4e6d1ce42149f3b03d6d479ecb403

  • SSDEEP

    12288:2k0QVlhmPojAPTMEsUTg0oChj/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+8W:70QRWoJEfg0oChjdJQbjPbNW5tYeP+Gy

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest2

C2

127.0.0.1:1604

Mutex

DC_MUTEX-Y19NSXM

Attributes
  • InstallPath

    C:\WINDOWS\system32\winlogon.exe

  • gencode

    QwEVGVFpQmyr

  • install

    true

  • offline_keylogger

    true

  • password

    123456789

  • persistence

    true

  • reg_key

    Update

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 31634b736954209b03c9290ff05d7ec3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    d9ad5efdb5472496d0fe8dd4305f55f0
