Extracted

• • Target

    175f4a750caf0d226362165ee8498dd0_JaffaCakes118

  • Size

    403KB

  • MD5

    175f4a750caf0d226362165ee8498dd0

  • SHA1

    8d6483d5eeb3aa18ad81befd0058f56500bcb070

  • SHA256

    bf9236bc467d179dd9119f9444f724b526f929bacb3295cfbbff4cfa18d43a68

  • SHA512

    87993bc5aee2b40146162b2a4b6793d5e72da5754d5993a199b7f4df20effdfbf1f94935e16d84a6bd4bbd3ec46c898576669bb2a3651ab89b5c6f4d24a0fa63

  • SSDEEP

    12288:ClghoSqVNJ/Jj03vCGk9wsVzvCGNqHvuCJ:Qg2VNb0Xk9wsBCGqHv/

  Score

  10^/10

  darkcometguest16discoveryrattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2