Extracted

• • Target

    JaffaCakes118_7a7168d18cf94852a2578f547e266562

  • Size

    765KB

  • MD5

    7a7168d18cf94852a2578f547e266562

  • SHA1

    aefef4ccb0c2803385e7c13a625b99fa029f32cb

  • SHA256

    2a0726f1a3d0f5c3e3e84ccfa1dd947a2aba787e98674952507d9801de680348

  • SHA512

    2c1be8f04af75e8aca5c8328e3d17369028355cbe61f5cac83854b83190f93b8981a547fb78de8b28981246c017527d88fbf9f915b94bd293f3e93b8edc296af

  • SSDEEP

    12288:D/yNKIEKuBH/WX3VObB725u/SioKG87CvA76VRB+/5i4gPeAIEylo43xu:LBlZ+nVOt7Ku/zkA+LBm1AQxu

  Score

  10^/10

  darkcometguest16discoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2