Extracted

• • Target

    0f08c77d123024756eec3a6643bc5a57_JaffaCakes118

  • Size

    797KB

  • MD5

    0f08c77d123024756eec3a6643bc5a57

  • SHA1

    0baf67971c671ed44fd75c5218188d6ea251bec0

  • SHA256

    62bc25646fb53fb537e5f7df1a22388ddc86acc54b35702bc33780af37eda5ab

  • SHA512

    9df9189f706d958aaf201cac619671e240a08edb63bf83bbd95a22ec9190a69afee9b0fac42b3803aa5c7d5a7103cc2aac79046a94aaf25b038f59e3e5a05bb0

  • SSDEEP

    12288:bFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0c/qe:53nbWmJVJFwSddIXvfhqbiaxvRFqe

  Score

  10^/10

  darkcometlatentbotevasionrattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2