General

  • Target

    452287b44889270579355c08e9663733_JaffaCakes118

  • Size

    648KB

  • Sample

    240714-kv8npatfkp

  • MD5

    452287b44889270579355c08e9663733

  • SHA1

    8e9fea50314ddf0216d78334bf5544ba03c7b0b0

  • SHA256

    9df6403ffea68f4e3e46da125f0e18590277e482507e87e5c715103334a2029d

  • SHA512

    f64e1599c3f5992041045674ab7cc943cd632cad1e455068b1fc33c0779b5d3992e5a9f034e3cc6df70b90c8db9b0797847cb8683c4762e09c7a06d7744693ad

  • SSDEEP

    12288:g6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhh:lAmBpVKHu0Mu9Xo20VGLVP5h

Malware Config

Extracted

Family

latentbot

C2

thelistener.zapto.org

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies WinLogon for persistence

      Changes a Winlogon registry value (typically Shell or Userinit) so the payload is launched at every logon.

    • Sets file to hidden

      Sets the hidden file attribute so the file is not shown in Explorer by default.

    • Checks computer location settings

      Reads the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

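The indicators above (the three file hashes, the C2 domain, and the Winlogon/Run-key persistence signatures) can be turned into a small offline hunt. The script below is an added example written for this report, not output of the sandbox or code belonging to the sample. It matches file bytes against the reported hashes, parses a `reg export` dump to flag modified Winlogon Shell/Userinit values and Run entries launching from user-writable paths, and filters DNS log lines for the C2. The registry dump, DNS lines, paths and file names it operates on are constructed for the example (the Winlogon defaults assume a 64-bit Windows install on drive C:).

```python
"""Offline IOC hunt for the LatentBot/DarkComet report above (added example)."""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "452287b44889270579355c08e9663733",
    "sha1": "8e9fea50314ddf0216d78334bf5544ba03c7b0b0",
    "sha256": "9df6403ffea68f4e3e46da125f0e18590277e482507e87e5c715103334a2029d",
}
IOC_C2 = "thelistener.zapto.org"

# Stock Winlogon values abused for logon persistence (assumption: 64-bit Windows, system drive C:).
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\|%APPDATA%|%TEMP%", re.IGNORECASE)

# Constructed sample of a `reg export` dump; paths and names are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\alice\\AppData\\Roaming\\winsvc\\svchost.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Users\\alice\\AppData\\Roaming\\winsvc\\svchost.exe"
'''

# Constructed DNS resolver log lines (not from the sandbox run).
SAMPLE_DNS = [
    "2024-07-14T10:02:11Z client 10.0.0.23 query: A www.microsoft.com",
    "2024-07-14T10:02:14Z client 10.0.0.23 query: A thelistener.zapto.org",
    "2024-07-14T10:02:20Z client 10.0.0.23 query: A cdn.thelistener.zapto.org.",
    "2024-07-14T10:02:31Z client 10.0.0.23 query: A notthelistener.zapto.org",
]


def hash_matches(data: bytes) -> dict:
    """Return {algo: bool} saying which of the report's hashes the bytes match."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest for algo, digest in IOC_HASHES.items()}


def parse_reg_export(text: str) -> dict:
    """Parse the subset of .reg syntax `reg export` emits: [key] headers and
    "name"="string" values. Returns {key: {name: data}} with escapes resolved."""
    value_re = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = value_re.match(line)
            if m:
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())  # undo \\ and \" escapes
                keys[current][name] = data
    return keys


def find_persistence(reg: dict) -> list:
    """Flag the two persistence techniques in the report: Winlogon Shell/Userinit
    deviating from stock values, and Run entries launching from user-writable paths."""
    findings = []
    for key, values in reg.items():
        if key.lower() == WINLOGON_KEY:
            for name, data in values.items():
                default = WINLOGON_DEFAULTS.get(name.lower())
                if default is not None and data.strip().lower() != default:
                    findings.append(f"Winlogon {name} modified: {data}")
    for key, values in reg.items():
        if RUN_KEY_RE.search(key):
            for name, data in values.items():
                if USER_WRITABLE_RE.search(data):
                    findings.append(f"Run entry {name!r} in {key} launches from user-writable path: {data}")
    return findings


def find_c2_lookups(dns_lines: list) -> list:
    """Return log lines resolving the C2 domain or any host under it (not look-alike suffixes)."""
    pat = re.compile(r"(?:^|[\s.])" + re.escape(IOC_C2) + r"\.?(?![\w.-])", re.IGNORECASE)
    return [line for line in dns_lines if pat.search(line)]


def run_demo() -> dict:
    """Run every check over the constructed samples and return the results."""
    return {
        "hash": hash_matches(b"not the real sample"),
        "persistence": find_persistence(parse_reg_export(SAMPLE_REG)),
        "c2": find_c2_lookups(SAMPLE_DNS),
    }


if __name__ == "__main__":
    for section, result in run_demo().items():
        print(section, result)
```

The hash check is exact and only useful against the reported build; the registry and DNS checks generalise to other samples of the same family, since they key on the persistence locations and the C2 rather than on this specific file. Hidden-attribute and country-code (geofence) checks from the report are host-side lookups and are not reproduced here.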