Extracted

• • Target

    f9197d5a2e2d7a2b2f80bb387f7d2c28_JaffaCakes118

  • Size

    1.2MB

  • MD5

    f9197d5a2e2d7a2b2f80bb387f7d2c28

  • SHA1

    4852766feb4948903bc09c9a493bf0f0398c0095

  • SHA256

    5bfa91a23214f1a4bba7efffd224e5fdde2e7b69ecd9fe286b62451585c577a9

  • SHA512

    6a53efdd665ccc6cc0bcd287809326ec9af28b584d14bf448d944fdbca27abde5362353c5793277bd29cffb79a322d034721d120060574aa667335551eff8718

  • SSDEEP

    24576:Y2O/GlDHqFHHVDFNEzQbCG3/QJfSPXYuTfx8n2VuFSWVxNu:nHUYQjQhUo0WbsGxQ

  Score

  10^/10

  darkcometnewbaby2evasionpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2