Extracted

• • Target

    JaffaCakes118_059210d7a24b0d8e288cd9d65827a270

  • Size

    1.5MB

  • MD5

    059210d7a24b0d8e288cd9d65827a270

  • SHA1

    f59ec54d5aa48c1f7dc7db2e9992d3d07d1cfd5f

  • SHA256

    c9b870546741d665be6fd9ae8e80f7a4cc337c57b78431e23600c48e41fb52a3

  • SHA512

    7c7baae6ecba097877ebe943c5a6fd8b0c0c1e0f504d0095417147e4c81a3f035ecdeb2f2debbcbefcad4cbd00e45adaea864dcb47437a26509fcb568e4ec122

  • SSDEEP

    24576:yPnmwiQ93fClAkh5VH2yiln5yAqNAlptFtBny63tj7iFWh0jScurTdu1bE0pgsFS:RYPClLVq4ARtFeARmFWOqTUp1pfS

  Score

  10^/10

  darkcometlatentbotdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2