Extracted

• • Target

    3ddcda97bc3f6568f1f5337b8c516206_JaffaCakes118

  • Size

    816KB

  • MD5

    3ddcda97bc3f6568f1f5337b8c516206

  • SHA1

    3f5d027dacb4943fe26d84d34a42ba2e47a059ab

  • SHA256

    2467ffec38087ff1bfc619dc3c800b0251a70431f7a59c7823aef0e601374097

  • SHA512

    86bc8293c6b48fc17ff41c0b1269e8679be7a8a7927f671f4689bb60abcb882b991acb36a0d5ca3dad43e847267672a13c4362871997a291ab2b091989477e2f

  • SSDEEP

    12288:C9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9L32:wAQ6Zx9cxTmOrucTIEFSpOr

  Score

  10^/10

  darkcometlatentbotevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2