Extracted

• • Target

    JaffaCakes118_b25d4a1c7e3caddfd7e489d9e77389ba

  • Size

    1.1MB

  • MD5

    b25d4a1c7e3caddfd7e489d9e77389ba

  • SHA1

    02abd2fcd6bdf8ece338941c4407bf362cf2e455

  • SHA256

    3bb1029c0d84010dcc585e5ee1903ebf8b456b80a790109632dc8a6988f9d64a

  • SHA512

    9c3aff9c2f0597a3cc2b804a756060314d08409fa1bbde4dcbbea377a3518edb5c7ba10ff2c223c20004795911e25dfa30d366006d79f69c8ba17ebee7eee42e

  • SSDEEP

    12288:kCdf83r0wfmRTTcCChotw/lKR5U+194aLS/gu9cyx0a8+RYNaFWi7e4iL64cc66i:c0Q6JlZA+CthKNSVgx+WZc

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2