Extracted

• • Target

    4e07aeccb3a1ff1420e9f1f7e2b1d934_JaffaCakes118

  • Size

    770KB

  • MD5

    4e07aeccb3a1ff1420e9f1f7e2b1d934

  • SHA1

    e7c32eb99563ffef094df140e40e26fca4fa0b15

  • SHA256

    b6ff8a510ed038f4c2775e0bd31e9d058865d096f12cc6667fa511a76d3d8ce5

  • SHA512

    32ed746884aaa4df0cad743be6d3ed8836dd741914dd5c16e289f211822e1ea7ac42a990aa484b5f5af7c59402d57fecc42c631af4db7f8cb19c986a1fd0b212

  • SSDEEP

    12288:RTwnG4V7pq8bO5z/e6BfSs77AEARkG1t8INUN3kAtltxR/y0ec/0w2RH9gx:RwvPqWIfSsvAE6j4I8Ppz60e60Lc

  Score

  10^/10

  darkcometlatentbotpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2