Extracted

• • Target

    96f22769ad18a62a9aa16e275ae76ceb_JaffaCakes118

  • Size

    603KB

  • MD5

    96f22769ad18a62a9aa16e275ae76ceb

  • SHA1

    3df2efa1760b489ffd4d87c035829ee6fc1494ef

  • SHA256

    8423a3e01e4aae1a0e97a300e5761acaf5cce69c6c699e4c66c4766ec889afa3

  • SHA512

    4a20b840946fb97a8eb9a64287e5df6dbb98f8688ed81575da040e682d61c60ae9a8907dae200441aa431b45e0cc31b5f2d2f2964b2a42fa683a33bb01cd32c0

  • SSDEEP

    12288:mNdxlPSzIeuLvUeB285FVEQpljNciL9+MkIsfDtHuUTpYxHMG:mNdx3LvpjFOISiMI0tt4HMG

  Score

  10^/10

  darkcometgspikediscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2