Extracted

• • Target

    JaffaCakes118_68bf14b59350493cb87ec3d59b2ff92e

  • Size

    331KB

  • MD5

    68bf14b59350493cb87ec3d59b2ff92e

  • SHA1

    ee8898509e88c38913fc23dcc2281f09a7b0caca

  • SHA256

    86f1f83f6e3e1170d2f67668d8332713f8ffe947ddc7d93113ac51a6f8dafd49

  • SHA512

    59d7c33ea5bbc27a0486714c407922507e13b38589dbc48d4c849601cbe46da05f9de0232714f20dee4f9cd4f433e227ad58b576c8bf62ae141cc9cdee221b75

  • SSDEEP

    6144:/2250RPFBx/dItAVV9c9CoiwFZi+nNecYR5FozxMtvO1kLVPSiDIdGU+:/qvP1SC8ZdccYR5FHLm4

  Score

  10^/10

  darkcometlatentbotaspackv2discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Modifies WinLogon for persistence

    persistence

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2