General

  • Target

    JaffaCakes118_05f07e276f53a179844a37f8473a776e

  • Size

    691KB

  • MD5

    05f07e276f53a179844a37f8473a776e

  • SHA1

    5330689f1b6ed141563b660c0ddef175a5b6fd77

  • SHA256

    d8f6bc70f67dca6083ffdd83bf225d765a05fd4d451d2f98134dce7c02632d9e

  • SHA512

    b25e09ef1063a224139e22240fd741d7e5ba1d8dc7c8da5117260517c289f1c7c7112b86ada3217c71c71dd4b957d9fcc4a4fa3b91eac9f1475955179f107b9b

  • SSDEEP

    12288:t9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK7Zl:7AQ6Zx9cxTmOrucTIEFSpOG

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.178.22:1604

217.84.79.218:1604

w1dlovesboobs.zapto.org:1604

Mutex

DC_MUTEX-5W3MGE8

Attributes
  • InstallPath

    Windupdt\winupdate.exe

  • gencode

    NlJ6aCMaq0fi

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    winupdater

rc4.plain

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_05f07e276f53a179844a37f8473a776e
    .exe windows:4 windows x86 arch:x86

    953362745986d4bf8459e5dd8885442f
