Extracted

• • Target

    54a34d37db59c9a4ef04ac527817d180_JaffaCakes118

  • Size

    1.0MB

  • MD5

    54a34d37db59c9a4ef04ac527817d180

  • SHA1

    05ce4c697b9ee3fa0ee2c38573fe12485916be0b

  • SHA256

    295db6a7b3d371ff7376714cbd5b17a5184efc95106b2b36a4dc103955651f0d

  • SHA512

    8a37ec67ef2d13c146ca7c0d0a05652458ab8562f30029f962ecee08dcbcd35d734330c5f0a907f7b3e06f047734bc36e7ef9b77c6b3c1c264eb7e07bdce7794

  • SSDEEP

    24576:1WJFGOoP6jMm4FS07UAm4MWL+w+Aq/2RyigLuV9g1x:uEm4FstrWP3yVUe

  Score

  10^/10

  darkcometlatentbotpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2