Extracted

• • Target

    6be43b02cbcbbb43fe5760caf02aff32_JaffaCakes118

  • Size

    828KB

  • MD5

    6be43b02cbcbbb43fe5760caf02aff32

  • SHA1

    43422e004f1093f03ffa6ee07261db8fdb536f6f

  • SHA256

    1c3fc888876735d180b715a1e588192336fbafa40a2267ac95e0b0cb7642d16f

  • SHA512

    146bea63727672f36421e0e86e122b8634a82fd57401f8aa285f508eb268b8e029fe6cfb094bf583df116f7cb0a557828fbce2cc8808838a6202cd8f18ac85db

  • SSDEEP

    24576:xKoOUyJVULhmqhj6Ev8XxAv6PWkxzKAQflD:xnOUyJV7qwEv8hE6O6WAI

  Score

  10^/10

  darkcometlatentbotdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2