General

  • Target

    JaffaCakes118_38fb60858ceb5375aa113abfdbcc22b0

  • Size

    764KB

  • MD5

    38fb60858ceb5375aa113abfdbcc22b0

  • SHA1

    4e9a7a9fab94fce6401c1675e80ccb1f969df63e

  • SHA256

    1a34a3400befd993c8aa7cc68288b4f418914d4fe66f0422cb865be460bb3049

  • SHA512

    ca2a63edc47509e1d4acd3d82541cc3d1781446c5d30777d759de3ae096e8b4b48da0e6d14c58e1095b52dc25357e10b0d99c9242dedef4958e77347d4a80a32

  • SSDEEP

    12288:pfbh3edoSdPDze9LBApPsKNoeP313umLcUmyqC+N/jXI09zqMd0QZh9u:FR8oYzS12PVaA3LLRHqC+ljXTD0QZh9u

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-X4JZDWS

Attributes
  • gencode

    gzAWY#YJnXct

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_38fb60858ceb5375aa113abfdbcc22b0
    .exe windows:4 windows x86 arch:x86

    e69b174063a8e5f16187a8ea0627bfaf