Extracted

• • Target

    a17860f4995ff2c69420d397d8683f0b_JaffaCakes118

  • Size

    628KB

  • MD5

    a17860f4995ff2c69420d397d8683f0b

  • SHA1

    bba821623df6d4bae9b5401b539e197b7aeecbb6

  • SHA256

    ec4c1d8b7d07b17db8c31b16c0c0af488aae266afaf727c40bdb84eeb69ec44e

  • SHA512

    7b4e0f6f48d46edec41846f703dbad46667ba5ac71b91a786a0d8a0b918c4c714816bc5c108f03994b2dae1a4f757fe225cd65f0a3ccf3e08a16fdfa30b662f9

  • SSDEEP

    12288:Bl62RLeQqWg5CS9Xg9MCOgBC1rD/fJ6E3SCEnZO8XBOMSHcEX0lg:e2RLejJ5J9w9ML1rTfM33hoMNED

  Score

  10^/10

  darkcometöííédiscoveryevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2