Extracted

• • Target

    JaffaCakes118_000b722a553edea5e8ccfebbdf4c26e7

  • Size

    368KB

  • MD5

    000b722a553edea5e8ccfebbdf4c26e7

  • SHA1

    1f6cbc616372e9ab6ab36055f5c0636c502fcab9

  • SHA256

    efed9072e94e504cb5c6132f7443d0fdc554cf2b7da83bd249fee761736409e1

  • SHA512

    93c88e27bd8975e3488a4e69f83158f643c0f0a2ad833d2db44407e0a3e6125dcb210468ca274fb4f71c6e0261e9efbe14bf3e79163e230937cd6d8b16071dc2

  • SSDEEP

    6144:wz+ZIjb+ovOxtdbaXq38GH1WMYl3cZzhP8l403oJ5fKhQSHHBwhE:wz+4XOQYrVNYl3cZzhPV4FHBwhE

  Score

  10^/10

  darkcometlatentbotdefense_evasiondiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Modifies WinLogon for persistence

    persistence

  • Windows security bypass

    defense_evasiontrojan

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    defense_evasiontrojan

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2