General

  • Target

    JaffaCakes118_65bbd76ab13a99ce9b3f155c94e88dd0

  • Size

    675KB

  • MD5

    65bbd76ab13a99ce9b3f155c94e88dd0

  • SHA1

    31d4147e685a888189a30eabd00a0b490e62ce3d

  • SHA256

    398fad3b818996e46261174e2fd0f35fc581882f916464496ad1b18752989211

  • SHA512

    2fbb84d3ae7b05a974c3faeecdc20a7fd5456e5fe057b8d6d535b2dd8614cfdfc4391eceaf3ae19448e175bf66fe1b63e9e36570dbe8396a9cf83bbc03172e26

  • SSDEEP

    12288:h9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h:bZ1xuVVjfFoynPaVBUR8f+kN10EB

Malware Config

Extracted

Family

darkcomet

Botnet

minecraft0530

C2

qwertyfuck.no-ip.biz:1604

Mutex

DC_MUTEX-11PT9L6

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    G41tjWTDUorp

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_65bbd76ab13a99ce9b3f155c94e88dd0
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd