Extracted

• • Target

    5a998b58982968c8b35585f8b7509d3c_JaffaCakes118

  • Size

    350KB

  • MD5

    5a998b58982968c8b35585f8b7509d3c

  • SHA1

    10bc0bf12dfb10267a671249a3c6b7586230bb02

  • SHA256

    e36e5cab75ee373765d6ca5675f920d0ce9afe3203ac64dd36ee658ef6fdff19

  • SHA512

    e91ccc719bd9f0ab8c6324ae5dfe623f9eec0d5e47039cc99c12e171de75c45da56242adea3e6b462ad822829c0c5234da9e6118378494641c68f96b8a29eccd

  • SSDEEP

    6144:lD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZqu:ll8E4w5huat7UovONzbXw

  Score

  10^/10

  darkcometbulbuldiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2