Extracted

• • Target

    JaffaCakes118_27842660abd6cb66b371c5d50a0bc96d

  • Size

    5.2MB

  • MD5

    27842660abd6cb66b371c5d50a0bc96d

  • SHA1

    8474a082443ee28976d41e614a1a5fd6dd6837b6

  • SHA256

    1077d3ac73deecaaac114d21805338c43444020d037c7fc2cac5a73194856710

  • SHA512

    194392a87e53d63b503e0b345bc2dfef0f90619388cf2c6623f382b6b0ac76bc80030ec9e6cedae8f8b7019cd4f02ae6c9327f167e1ccf0ef321617ad98fe13a

  • SSDEEP

    98304:QO1StCcJrt8JBACb2nlsRPL4ZEeLonaO1febmjm7zXyADwmWIXUIAwUH+HwaOaK9:X1StCce2vWR4E2onaEqzRJWIX5Ale/K9

  Score

  10^/10

  darkcometlatentbotdefense_evasiondiscoveryrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2