Extracted

• • Target

    5af9f8351c27c32d1c9d2179a34a0620_JaffaCakes118

  • Size

    849KB

  • MD5

    5af9f8351c27c32d1c9d2179a34a0620

  • SHA1

    b5046e105332a7fe6c71bd0f7d676158f30309f9

  • SHA256

    e95cc70d8ce174cc2b28667e97552a26a91fcb7991d32a81fd23c9460af69af4

  • SHA512

    436d353271c2e9a1282c89b84fca67d9f03891d0a4800902cd580fae071ff28aa361f2bdfd31bb207a84edc9d029a6257f8f8954f0092f033122dbd048adec62

  • SSDEEP

    24576:o/QCXJSjgFOc433HWfFLj9kN+z9SprkSf2:F6Sjgp2m939kY90Lu

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2