Extracted

• • Target

    a39e406a9096eafa928a424f806c7282_JaffaCakes118

  • Size

    660KB

  • MD5

    a39e406a9096eafa928a424f806c7282

  • SHA1

    1e5ab6834818e098b27c1c0ed616a8456ee40dcc

  • SHA256

    e607408e4c002676eb8c7f1a61f5a2c1d2c52b262ca98f71e5218297ccc96bc1

  • SHA512

    b373670d309f7787b7a64d0db7bacd8bfb4d9695a96c9cc10d190b78ea0c3947954a1dcd4be352eb193a3c377f3c51f34387833d16c0f3b79d4189611a4839b5

  • SSDEEP

    12288:UXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UY:CnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JI

  Score

  10^/10

  darkcometbygolgediscoveryevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2