Extracted

• • Target

    6c850638e6710308a0423b5053079770_JaffaCakes118

  • Size

    1.9MB

  • MD5

    6c850638e6710308a0423b5053079770

  • SHA1

    ceba9d5c2eaf48f6c0fd85dff4a1ea6e67ce6e12

  • SHA256

    c8fdafdd08e55eba2df997c7d8da4d4092819522b79228157eccaaced13fdca5

  • SHA512

    f8c849c5fa87e12d97ec4b6a00ac951efc8b6fe67173b1010d31e22a79e9a79525a3813c82599126b8b90018c7d3b66981b7c0f22af9216f54604fdf2853141c

  • SSDEEP

    24576:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+GF980iVOq2gI9KuwnlHoMUVmzOZBDf5pPQ:LQRV2o3MPY5Ar/G07lHg/qMvWWOZRb

  Score

  10^/10

  darkcometguest16discoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2