Extracted

• • Target

    4ad1d7fecf5fe5f53d1089c05633ed2e_JaffaCakes118

  • Size

    984KB

  • MD5

    4ad1d7fecf5fe5f53d1089c05633ed2e

  • SHA1

    5cbb0d0da628682454ac4e24fc9550f18cc95bd8

  • SHA256

    87f6ca66ff40533b63ed610e2e496a9c569be7414501cd2b8469db874692f984

  • SHA512

    6cf33f041b0a3201dcdd0a5baa7f32ed16d6792a0ed45836898f02c11763cfdae5ba6f8b228042f5e98f61c962353e2467074e72da599bed0ea36a721b2adb09

  • SSDEEP

    24576:LGr99O099e9X1y99999999999999999999999999999iSB8xopQfrbkcpOP0nNCQ:/6qWpQsH0kK1SYpOqHs8u9

  Score

  10^/10

  darkcometmy slavesdiscoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2