Extracted

• • Target

    a3d543aed31ac43ca0987da0d4455bbd_JaffaCakes118

  • Size

    897KB

  • MD5

    a3d543aed31ac43ca0987da0d4455bbd

  • SHA1

    18d887afb4ea9701322e515353f20a7426d34074

  • SHA256

    79edc7715d5c43513221d50e7df03d4353d835bb66a5ffdda14c8b26173b0eaf

  • SHA512

    b9561229b3c4beee566abca4131854c9f93f7f1fe169a14481b28444032559db4a99fbd1ea2a384b98537fa51530acdabe14b6cc5b2940d5ebe7f2fb000b9bd9

  • SSDEEP

    24576:f2O/GlATW0TRfddM3W+7FwmxhKbH3rUO46GU:3i0S3W+hwmxUT3is

  Score

  10^/10

  persistencedarkcometkamryrattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2