General

  • Target

    JaffaCakes118_78b582e8e72d96f39143a06a67204105

  • Size

    658KB

  • MD5

    78b582e8e72d96f39143a06a67204105

  • SHA1

    4bf09be3a89bca26684ad84ddbe116c5a926596b

  • SHA256

    2711904d62b5d93aead01dd41e0743df03bccc232181235d140555b14d291c8e

  • SHA512

    459888e97a9ea888c7f47cc3e91424b132f55f739e8319dde470af0760458fd7f120f26e6ad8e8144ef76a6f02b67237cc130bf604cc7c7c4df1e19f77d19a9b

  • SSDEEP

    12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hs:uZ1xuVVjfFoynPaVBUR8f+kN10EBG

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Hax

C2

st33lc1tyf4n.zapto.org:5050

Mutex

DC_MUTEX-GX2NXU2

Attributes
  • gencode

    Ck8rZHKuqbwF

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_78b582e8e72d96f39143a06a67204105
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd


    Headers

    Imports

    Sections