Extracted

• • Target

    f35cec3eacc50d65da694d4a78915a23_JaffaCakes118

  • Size

    658KB

  • MD5

    f35cec3eacc50d65da694d4a78915a23

  • SHA1

    c9e64bf495a16056b9b4d84b13e7cf662580f0d2

  • SHA256

    50eead865b8c7f1340eed849b3b4cedaa1285e1d2e398f88b79de416b94b5ddd

  • SHA512

    a2bf10ac563130d2eaaf7f28b6b9d3ff4add702fe475fa2d54c66f64afd1d0dabe2b8c7522c28d4f1b1a34df46dd43b194bcefd2350fd244635761de889d20b5

  • SSDEEP

    12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLd9Ek5C/hU:+Z1xuVVjfFoynPaVBUR8f+kN1PEBq

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2