Extracted

• • Target

    7dcb161b14ca739323b7b7b225fe9399_JaffaCakes118

  • Size

    960KB

  • MD5

    7dcb161b14ca739323b7b7b225fe9399

  • SHA1

    1ab208956de9f12ad38f85a96df460cc230f4738

  • SHA256

    b4fcd8a1db7185a8a98242f364ee2bc287a395c14192636d9b2ba18d3fffafc4

  • SHA512

    d2e0cbd92e557168970153ef246e3f1f525be8a1bdb50a7bef4c2b83e92ad5fc8eb2a9abcf6e5aa3df04c1d1dd31b54b6195b20f9942d2c6e4feeff5d4d5371c

  • SSDEEP

    24576:0lMUmv5Sb4wEKVHhVKTSiHw+ABdF1+Wa:eMzBKtQnHIdF1

  Score

  10^/10

  darkcometbootdiscoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2