Extracted

Extracted

• • Target

    eef67fdc6be4575ee65b60854e658124_JaffaCakes118

  • Size

    1.2MB

  • MD5

    eef67fdc6be4575ee65b60854e658124

  • SHA1

    c31e6e893357ba9f4ae447be835732759997ac9b

  • SHA256

    230c64225092a0fc11f7f5d052420a7356ed704e84d016bc8fde666e83b67e43

  • SHA512

    9723ba6ab2d0ff0540bf57034edb0f29884b5ef69cb9f3f1ee96990fdf96f2acbd54f974c4e293ccf4a96fcde554c2d018ee2db365b9d7591b02732354e3e919

  • SSDEEP

    12288:Pr7LKHi4F0IMpm+50NyhPYnuECeNSwWmjYNDatD6SguZjQ8:XCFYk+oy54SeNSw1jYItpjv

  Score

  10^/10

  darkcometlatentbotsat44discoveryrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2