Extracted

• • Target

    67335e841fc21e63098b0a32d295e30d_JaffaCakes118

  • Size

    1012KB

  • MD5

    67335e841fc21e63098b0a32d295e30d

  • SHA1

    27bade2855683b409ee994e69b20599683ab07bf

  • SHA256

    3d2321a32bb4b343b3d2bfd88485fb7bfa4d2bbb3706478cf0a136c03e770cbc

  • SHA512

    37853aecb67696673abe1579b498c77cb3b4cfd6193394ce140aff4ceac8bda2450b719c913101618e4453d4ed1983160e23930fca2a5bd34c3c0ad76906ce47

  • SSDEEP

    24576:9vXCPhdAB9yG+iua3FT7pUSdRrHIQ7YhFB5rj:96pi9yv7fAa

  Score

  10^/10

  darkcometlatentbotevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2