General

  • Target

    JaffaCakes118_2acfcb11353c19f692e654363fe7adca

  • Size

    658KB

  • MD5

    2acfcb11353c19f692e654363fe7adca

  • SHA1

    5b3b4f5cccdf1fc7467242dfeb49da7c3ddb5e35

  • SHA256

    627f6f229f09add842434be6a01ca566ced62b065e5b2710f075c954d1dca784

  • SHA512

    f3342c1997910025c6d3d0a0712a8dc8fcbbe25604fc53169e6d40034b1539a9ff5bd1943f74de84b5d7ef99054137a4e75b852fb1e089acc86a2a9e5876250b

  • SSDEEP

    12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hC:eZ1xuVVjfFoynPaVBUR8f+kN10EB4

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

nabil80.no-ip.org:1604

Mutex

DC_MUTEX-0B1XRVD

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    f7VXCdRiX8Ys

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_2acfcb11353c19f692e654363fe7adca
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

