Extracted

• • Target

    2087d593169373cd54691f23372cd22c_JaffaCakes118

  • Size

    2.9MB

  • MD5

    2087d593169373cd54691f23372cd22c

  • SHA1

    1377c985247c1157ccc77fd831a180d65d376b22

  • SHA256

    6021402cc965e4a5aa9839472755d41b525a30f502a7e7eab53ba6935b185438

  • SHA512

    9b234052d10378e100d10e9262cb05a600b46ce7ab38bae137a30f2de9040d246aa5446133d4f7054266ad32a4dc1ff9e11f1ae04b3177cf810b4986ad4274e5

  • SSDEEP

    49152:ge9MZIvECZNdyOa0LgLqGEyTMQCGhO7qMM2RPME3Ap:gUEAIOa0aFTyqNQxQp

  Score

  10^/10

  darkcometlatentbotpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2