General

  • Target

    JaffaCakes118_33afb325410c0220e64b085f2e1a426c

  • Size

    658KB

  • MD5

    33afb325410c0220e64b085f2e1a426c

  • SHA1

    559e5b36bf40a721f1527e5b5ca73ee45818d600

  • SHA256

    17a9e875c370d9d5817fa7940394f83c3e5dcb8ccd54be4c4cffc81afc0406ea

  • SHA512

    f976d513aa5301953e57a50fc670534bb766211bf933c32a0a7d1e65df9064f056bde2dbd74dd1e9fb5105b8342343f0ea45dfa5a8e26111189db23744570285

  • SSDEEP

    12288:b9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hA:VZ1xuVVjfFoynPaVBUR8f+kN10EBW

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

newbot.no-ip.biz:100

Mutex

DC_MUTEX-QZ24VQZ

Attributes
  • gencode

    V76xRojTDvsk

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_33afb325410c0220e64b085f2e1a426c
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

