Extracted

Extracted

• • Target

    JaffaCakes118_ea5b6dd2baab2f70d557c07566560bac

  • Size

    804KB

  • MD5

    ea5b6dd2baab2f70d557c07566560bac

  • SHA1

    a26106191e61a078810291024dd70259ce5f090f

  • SHA256

    418ae729bb67f8c71bfd7729813a472644e13b76e5b446bea9014e3991e51f60

  • SHA512

    f317453dfa4d94765672d0d814ba0ffe69c288b07f0c2554fe3ede51e1bcfd426e34a7b7d294e668de075ba4d4cdce69513fd1423a4e80c2651e74629817f971

  • SSDEEP

    24576:eK9HHkb6rqK4tTLr8pmSzFVED0q+sD0QZh9u:eCHHFqKtASzbEbk

  Score

  10^/10

  darkcometguest16_mindiscoveryrattrojanadwarepersistenceprivilege_escalationstealer

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2