Extracted

• • Target

    8c2b70097f43caa0d0b4d43a3cfbe069_JaffaCakes118

  • Size

    622KB

  • MD5

    8c2b70097f43caa0d0b4d43a3cfbe069

  • SHA1

    966b6aefdaa2a54fb694511922e2b2a282d01f0c

  • SHA256

    df5fa59d95ba2c580af47271cf77c4921e9c9dc25d1b4bb43de889e285e13877

  • SHA512

    8361d5135a1250b0d67b41ec1a8d5e05c87f074b1f8f804adbb22eb0897da6e7ddcda146e26782aaaa1d9c71fb22b4eb69b10c692be40a8ddffef2870236eda4

  • SSDEEP

    12288:YDsMPIe0KKfnp+ho7PW6EDHEcBk/RckXUJU22Kb+1ijpUlUUiYUeW1RMzC:zohSIDHEcyJczKkqvUtYUeGREC

  Score

  10^/10

  darkcometpkediscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2