Extracted

• • Target

    e78c0891b24f900206dafbadae9c5328_JaffaCakes118

  • Size

    16.6MB

  • MD5

    e78c0891b24f900206dafbadae9c5328

  • SHA1

    0d6f5c6067d91a2dfbc866a0413fcf6a9d46d3ee

  • SHA256

    ea5c1ca56477a08c4167692518ba413dccd4324b074b2480197d64d755a2b960

  • SHA512

    ab1aeaf9cfed2ed71ec26c65a81022793fc80812e9cb012e3f33da5214b4610f9f4826c30bfecd012bcf945102fc3a5abe34fd6c14d1ec96e7d7fb4e677d323a

  • SSDEEP

    196608:VQ3M+06ySEoFc1je68GysIdcpdigxFIcx0S46nIh:VaNySEGcpe67ysIdATx54Jh

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2