Extracted

• • Target

    f3cc6afc6f9cd465907bdffbf02871be_JaffaCakes118

  • Size

    300KB

  • MD5

    f3cc6afc6f9cd465907bdffbf02871be

  • SHA1

    5325f67e9370827b35c27c9bb3833cf5ddcba58d

  • SHA256

    87f6887fa47e3e48630a5a46fce5a7470a39dc21a3ac79bdd837ea5b754b6e86

  • SHA512

    343b2a6a98c8d2aecdc9c0eb9c84777b863a6cc1b9d32c6efd3c6da3d0bf523157bab839d32bbdb4d0ea34a5d2850902bc13d49475d9b216d6ba2bfb9062ac0d

  • SSDEEP

    6144:EzrYL/EY/UMDqQHIFkC6ROM6XJuEMyGJod/gb9f8ngcv:tLMCFDqAqRM6XJuEMZJodk1

  Score

  10^/10

  darkcometguest16rattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2