General

  • Target

    8fb054263f441ee44bf20f7d9a364e3d_JaffaCakes118

  • Size

    700KB

  • MD5

    8fb054263f441ee44bf20f7d9a364e3d

  • SHA1

    a75b5d8cf569b04033d3910ca6045a105bf46736

  • SHA256

    501ccde156c54df0367c00411098d252d35de3f6c77ba9f925443e721536a3a4

  • SHA512

    ab517e731bbd14b7c7271f482bb9f6f73d5a891373ee43a26068ec9faa775caff11f7fb9cd95af327ae2e81f66d3a40380a00dc95ba7069a7a51217c818891b6

  • SSDEEP

    12288:I9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hH8I:8Z1xuVVjfFoynPaVBUR8f+kN10EBH

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

COMPANY

C2

austinabbey.no-ip.biz:1604

Mutex

DC_MUTEX-QWK9ER5

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    DVHtxRe2Naeb

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 8fb054263f441ee44bf20f7d9a364e3d_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

