Extracted

• • Target

    JaffaCakes118_0ec967f57a0c4d081b0246a073dad1e7

  • Size

    767KB

  • MD5

    0ec967f57a0c4d081b0246a073dad1e7

  • SHA1

    3d898ac8995b0383e0d9527b1af9411cf96e60fd

  • SHA256

    2fd9cceceb251d1df2ecc66c8dc6ae5a6952478fb1b3070c3c227db57ea00127

  • SHA512

    ab176a5ac25f5d6517e8cdcc1282430373083c33fd99c834ec0d172a3ab604f8a98e5b07c794758078e04ece25337f4a8604969e4a725f603ca80cb348782a2b

  • SSDEEP

    12288:BRa5Xw2gxiu9zNd3mW1LoOlfbWNOn5bh7xQPyEiTtIhODDVxIkLQr2tQfBKZn6L:BotwbUu9LmWtowFtQBibDEGQqt2wZnS

  Score

  10^/10

  darkcometmay31discoveryrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2