Extracted

• • Target

    878224ab7f5ced8b033af0afa0da61ea_JaffaCakes118

  • Size

    262KB

  • MD5

    878224ab7f5ced8b033af0afa0da61ea

  • SHA1

    8e59a2d04f134cbf6b6a2d06f123c4a4b3b11211

  • SHA256

    96b55b43390627ab699063ba72b06b59b1c7fece5e90e4e39c761b7df89ae63d

  • SHA512

    84bade13c4c07b7bb9802d3b7e809712350b8e6ec54b87af97fa1333ad9b4af70c27a0b8327a576e9a4c36456fce211050a213a2a5445895e3d62b50f2fa54ef

  • SSDEEP

    3072:vK8mzXs8UuVfh49HMoHiarmz4s4vJ/5uxXdKgwzuuqPK7zTc37Hfe+eS1mg0YWvi:C8Os04xVHhFsY5uaujK7zTEG+CgMjP

  Score

  10^/10

  darkcometjsbdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2