Extracted

• • Target

    5752f7c4f832ba233a2937dcca008cd7_JaffaCakes118

  • Size

    772KB

  • MD5

    5752f7c4f832ba233a2937dcca008cd7

  • SHA1

    782af0d00e76fb7d28a8afea0c3a437734d57faa

  • SHA256

    67f00b691a96a40d3f6d853e721269bcb046ab314acfe35beb0d65a44c6e38fc

  • SHA512

    a97ffa3e6c03f23e52554121ac71902a0c4df69605c1f96faf40014496b4bcc15ddf088ad045ad82cbf0a5839f5800db3d84a330c5a04082fa98e28331a67fc8

  • SSDEEP

    24576:FzBBidsYufpmRFOT16bC5ygoTbfy4lQl:dBBuXypW06bC5OTbf1l

  Score

  10^/10

  darkcometlatentbotpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2