General

  • Target

    JaffaCakes118_7482b593ef1b73d72d66eaebadeaeca7

  • Size

    756KB

  • MD5

    7482b593ef1b73d72d66eaebadeaeca7

  • SHA1

    d849dac2990539e6c8633b353dcb97a919d84889

  • SHA256

    89d9aaf90bae7500c375f49ba3cd1384c78945cc3cd78ce1219c3a2f9c04d698

  • SHA512

    aac457adc7d2e2f8b4fe45d592b032915da5d9a58aead54beedf403b4775573ab038f6342b114c740ed82fd4f3d8c5b5432183ff216358bce52a6c6605e596f1

  • SSDEEP

    12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h2gxg:OZ1xuVVjfFoynPaVBUR8f+kN10EBl+

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rattatattat.no-ip.biz:8105

Mutex

DC_MUTEX-UVY1ZGF

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    eX8vZpUNr0Yy

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_7482b593ef1b73d72d66eaebadeaeca7
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

