Extracted

• • Target

    JaffaCakes118_6f5bcc1e4b76795b47f195753253ab05

  • Size

    1.1MB

  • MD5

    6f5bcc1e4b76795b47f195753253ab05

  • SHA1

    3e1f1c2d6009386e3ff0f4898bb170629aa27a58

  • SHA256

    2fcf86798d8d50318a7395330dfb966b33bcf3fc33620feb45212de197d701b4

  • SHA512

    d459819bcfd646a9cd5a8d39d2413407f07c2ec248e3f97257c15df51d007b275a724671aa90522b885a260782ab227141705e3d804e7c24d300deda59b8b9c0

  • SSDEEP

    24576:BKyw+xCPzsRic1ZxXU09kTS0lq96L3sDdt:gyw+xSz21Zxh0lDLI

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2