Extracted

• • Target

    JaffaCakes118_6e8083a447807f812eff9bd74248e709

  • Size

    389KB

  • MD5

    6e8083a447807f812eff9bd74248e709

  • SHA1

    5c078e4855436f790493a0bdf98afea63316c90a

  • SHA256

    a82e7c14e811a755ed8bf5cd459a8a0adb5cd2227fffe5146a21cefcb4273490

  • SHA512

    a969a74baa02d8439d14a871a9ab92b90ef0d418ceb7ffdf00f2de6fbeffef4f251115bfebfa91d7f1aaedc50f514c04f75cc512080c1f00c8807469a964e6fd

  • SSDEEP

    6144:oHHMbpVcZL5Jh2v8zNfvUi74eieyfGSGQNgpw:oH2qZwv8nbaunG

  Score

  10^/10

  darkcomets.d.rdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2