Extracted

• • Target

    a9d878f8aaa7ba6371ff5c2fd9a9757e_JaffaCakes118

  • Size

    1.0MB

  • MD5

    a9d878f8aaa7ba6371ff5c2fd9a9757e

  • SHA1

    5923c78a4f018d9a8e06b20e1dbe36ca5b3706bb

  • SHA256

    ae6081f074ea862dbcf3106092c404306d4dae061e921ce0e23ded11af2aa9b7

  • SHA512

    57af05ba2b1d656e85f1cef859d6618c43a5d17a043189cd7876e79ef7b59518167c9ae4f5b8f0fda9c0ea1f020308dd53bd3d0e7275a2c36586313ca72bda16

  • SSDEEP

    24576:CZ1xuVVjfFoynPaVBUR8f+kN1PEByXO5u9jKB:CQDgok3PlOM

  Score

  10^/10

  darkcometguest16discoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2