Extracted

• • Target

    ba6dea90299724a179a017ed93506be3_JaffaCakes118

  • Size

    727KB

  • MD5

    ba6dea90299724a179a017ed93506be3

  • SHA1

    d811f71bf8e1da7cdf9ac391edbe6e7b96afbaaf

  • SHA256

    86cac4fc2f7d45a0713923a867416c8d908496260b3f15f746139208ad508430

  • SHA512

    78d45b4f16c2464a676098546adff674c1991e195b2f98003c654890801a390cf7d8cf41b180b7e9b23973836d1a5eeb171642d83482661676c0083695b32d9e

  • SSDEEP

    12288:fPYouHf5XPXbbaeWOLh+p/Oyu2kQyPhSYXK+trUVon+EPfxZVfHa7fbT6TOX/b:3YVfdbba1pGBPQyp5K+trson+EPL9+v3

  Score

  10^/10

  darkcomethondiscoveryrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2