Extracted

• • Target

    4e89358ff1981442e21e143b816779d9_JaffaCakes118

  • Size

    658KB

  • MD5

    4e89358ff1981442e21e143b816779d9

  • SHA1

    729314daf2af598ac8d6b038c390f122fc497cea

  • SHA256

    ef5cbaaa9328dc0a0e87f7f0a32c053a66fc3a81fa02a81ea98fd29f5d868017

  • SHA512

    9a040eb219d7e4d94d39ab2d6cc762d7337e6470b1a82bf0d9e653c5cac88a3f88109b0d06f26c4d875528b305a8cd3abec1fc564c789100edff540900ead907

  • SSDEEP

    12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hg:+Z1xuVVjfFoynPaVBUR8f+kN10EBK

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2