Extracted

• • Target

    76b9d8f69e9fb4a5a9d8efb9b98ded46_JaffaCakes118

  • Size

    760KB

  • MD5

    76b9d8f69e9fb4a5a9d8efb9b98ded46

  • SHA1

    5a700070c6fb5f6eac2012840f83e8e524711bf2

  • SHA256

    cb46ff69389607aa3e2d0f24fe646dbba62b425f421db8322b9c58766375541a

  • SHA512

    448d8163af31a2a068120b7a304ff1776a30114420c3a48b4ec9f9220ffe29372422473b4b85ee0a2bc8ffefb6d1bbc08d1cbe938dfbeaeefda7df3b1b13fa38

  • SSDEEP

    12288:+x9PUtHiov1GOqUuD8Qauj5/e0PuAjF/6p0:+x9PfodGOqTD8QTd/e0JV6q

  Score

  10^/10

  darkcometlatentbotdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Modifies WinLogon for persistence

    persistence

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2