Extracted

• • Target

    f850a39e38c3e6d21d7b2b628333020a_JaffaCakes118

  • Size

    1.3MB

  • MD5

    f850a39e38c3e6d21d7b2b628333020a

  • SHA1

    40cc05b05ac2f4afc74a0c7f7637b7f959b1f9ec

  • SHA256

    3a22773a05dad02a825e6891e5ad6e7ad8b3bd1e6dadbc2d74b126be98a67c28

  • SHA512

    a77cb4ada2307eba4c4168fdea6bbe847b5fbdf015b8a8cf016f513073fa5fba502a08d1aeb88acfbf958dae9c9d91c2276f876dd8171201a4f06a589339b357

  • SSDEEP

    12288:KLeLCFLSBHiQKQZ1mDNjZia2zZJ47v6es/OOKEqO0jWVKebcIu8g3zMBYjtZK9+O:

  Score

  10^/10

  darkcometguest16evasionpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2