Extracted

• • Target

    JaffaCakes118_78ed27b6643f73e861b135aebfbcabf1

  • Size

    658KB

  • MD5

    78ed27b6643f73e861b135aebfbcabf1

  • SHA1

    e68c4485b01798cc8c9df5072be47c48314706a1

  • SHA256

    5d62a1ae398aeb0c19c5b66ff73cf0b6b38ffd804bef9e34026cd2dfb8353beb

  • SHA512

    6bd2654e92f7a8b11cbd506bb9893982bc2614052153c1c8eb933e251ff1f51c8fb3b0b2ba1df1b24d7b28749ad46c8447bb8a462ceba513060c1c295eccf56c

  • SSDEEP

    12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hB:eZ1xuVVjfFoynPaVBUR8f+kN10EBr

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2