General

  • Target

    efceb677e4ee0b9444bbe13d5e909485_JaffaCakes118

  • Size

    284KB

  • MD5

    efceb677e4ee0b9444bbe13d5e909485

  • SHA1

    a89095b9b75d690b8acdd1eef5e1531f841430bc

  • SHA256

    3b906a3e217a998ec17389e3b94f45c5847c4551c0de84fcc6554e1228cad627

  • SHA512

    095e6b77b495ea099aee6bb29e842b6a703e527f309cb1681efd085c994c5f23cf4c4e383052e78b274bd59af39ea4870f9497758669facaa6f91fe542726942

  • SSDEEP

    6144:WD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZLM:Wl8E4w5huat7UovONzbXwnM

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

kikkhalil.zapto.org:1604

Mutex

DC_MUTEX-AFV5KMN

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    lsRmvmUBQ8cj

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • efceb677e4ee0b9444bbe13d5e909485_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86