General

  • Target

    4a152e4035f9c9e98a81519881394cfa_JaffaCakes118

  • Size

    253KB

  • MD5

    4a152e4035f9c9e98a81519881394cfa

  • SHA1

    3dd73c4fcde3b7dc477d1c99835032f7a732681b

  • SHA256

    726f0333e1ef67ca0f9bf1ca37f63b0cdd1f4112241c7a208bca73de5462f6ba

  • SHA512

    e764ce719989812948a53459c0f61ed73fd597faa8ad04cafe247894a451c1bce8b70f265ac1e3ecfff8387f44b1a76d06caaef2d691f565dd56c8a55df7264b

  • SSDEEP

    6144:WD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:Wl8E4w5huat7UovONzbXw

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

vzlomzokrk.ddns.net:1604

vzlomzokrk.ddns.net:27015

vzlomzokrk.ddns.net:27016

Mutex

DC_MUTEX-J0D6D42

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    nHTAViDmi43W

  • install

    true

  • offline_keylogger

    false

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Unsigned PE 2 IoCs

    Checks for a missing Authenticode signature.

Files

  • 4a152e4035f9c9e98a81519881394cfa_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86