Extracted

• • Target

    3353789cc5f7aaf0fe62267ba4c3a760_JaffaCakes118

  • Size

    791KB

  • MD5

    3353789cc5f7aaf0fe62267ba4c3a760

  • SHA1

    9504c838edd1f09d86575dd60c05fd7bed6b4daa

  • SHA256

    c29a86adde686b317f3f8eff8ea4bcea2ec6ca26458bffccd69df81d9a8da57e

  • SHA512

    656d0e40a371403683638bcdf6e5a7ab9b6eef5c3e1d879c0457f0880f824a00a9407f260f661c0f2fb4849bb857c345bd64e4ad7a8396b09abe44018dbc9d27

  • SSDEEP

    24576:A0QRWoJEfg0oChGdJQbjPbNW5tYeP+GFgPHt:bQRV2o3MPY5AT

  Score

  10^/10

  darkcomet4chan3persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2