Extracted

• • Target

    JaffaCakes118_778ac94fecec690eac086869f95ac060

  • Size

    367KB

  • MD5

    778ac94fecec690eac086869f95ac060

  • SHA1

    fec50d4a5959d350961002edfb7b005b6fb73a67

  • SHA256

    b537be5941e9414487320ddeb7f4589b0344a2925ea10bc87307978ea8504430

  • SHA512

    a7693ec4767c5e217db492a109b5be1cb382b4da8f702f29a22b6eee75f05af26f90fe7594b63d938c4a2105f36a373553dff5ed169082c8018392ce04d1137b

  • SSDEEP

    6144:05liXNmkGGAV9s8jL2/J5X+veGTHa34/ReWwrjpc6t3Y3Eh4o53q:03idmkoq/J5uvNHa3SRRqe3EhrVq

  Score

  10^/10

  darkcometuncrypteddiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2