Extracted

• • Target

    JaffaCakes118_001869f0c707119d1c61a28d39807809

  • Size

    1.1MB

  • MD5

    001869f0c707119d1c61a28d39807809

  • SHA1

    395843f369dd1447fa29a2272384e1b73c87012c

  • SHA256

    e608dbda1dd28a2ebc5cd824438da519fb5f891792e3e700975132a01ce1b575

  • SHA512

    a0fad88a2cf00d3324baed656123ddce7e314558f98029a829d8c1e27a9e4ba126b402b45894d26d49a96e94f4e0a3a896b51bd65d5ba4614d6266bc8db0f29d

  • SSDEEP

    24576:7MwVWXpMrfQZMzHfmExF5qiTdT6srVDXleHXcwvtlc:7ps8tzdT6yVDXleHsAtm

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2