Extracted

• • Target

    5e8acf5ec31ff19535059327079314d7_JaffaCakes118

  • Size

    744KB

  • MD5

    5e8acf5ec31ff19535059327079314d7

  • SHA1

    783e71eec65d29ead303e8f647918fb20675d354

  • SHA256

    43b05ba8653943e98321f3708dc7f24c6652eee6138725f6a41145d45679995c

  • SHA512

    4f168e4bae2edfa732f90d93c04931dbb0fe4a3fa7484c075906cd243489c9bd84c15eab2bd032a192c51e684f028e5171c972935c8160b545a6f72a50a7c0c2

  • SSDEEP

    12288:T8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixib:wUKoN0bUxgGa/pfBHDb+y1HgZo

  Score

  10^/10

  darkcometevasionpersistencerattrojanlatentbot

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Modifies WinLogon for persistence

    persistence

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2