General

  • Target

    af492ad9898a50b7cc80c200f33878c3_JaffaCakes118

  • Size

    758KB

  • MD5

    af492ad9898a50b7cc80c200f33878c3

  • SHA1

    290431a139b869b3645c842b9efe0ee70be724b1

  • SHA256

    ec4d2662a6d0c7bf402622ea0ed0782e0aeadf93cf71738c2b8a3498fe97dd8b

  • SHA512

    94e4cdbc6d1cdd2a69be624e92c09f011a58e61d9076b779eb41a5ce4c5da9209b0b3bc7a9398db7d767d6c2ccb83969da291db085979516daf183257994246a

  • SSDEEP

    12288:LXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uw:TnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jg

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

erpis.no-ip.org:1605

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    3UeH82jUifPd

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • af492ad9898a50b7cc80c200f33878c3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    0476e7cb10dfdf778f67f55072917b7d
