Extracted

• • Target

    3f2b4d9c79792ea67a420650f2d01d19_JaffaCakes118

  • Size

    1.1MB

  • MD5

    3f2b4d9c79792ea67a420650f2d01d19

  • SHA1

    907db779f082447c0c9bf928105fc56dee51214b

  • SHA256

    ad89e6e9a9b1c1be2de2e41fec4ac0b8ef10da7bd7bd083415f6b947b727401e

  • SHA512

    969591f01a9e6d5a726df86da6173a7783e6e505e9b922732078414073e1ecbf5aea7fdb23267c76c60ace949a76521938d16ec0b7f2ae64f4963005e471cabc

  • SSDEEP

    12288:6pIgsk6YJ2vE+hGW1UKIoWq+DqCcyG7OfYQ5M4cbW55+CEVOmBdDfyp2Y1D07rZB:6pMZEnbvqIWA50fEYVwrTo84EfZl0

  Score

  10^/10

  darkcometlatentbotevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Windows security bypass

    evasiontrojan

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2