Extracted

Extracted

• • Target

    JaffaCakes118_f55a7f2ad3a274dcadf0b2c1ee73eaa0

  • Size

    476KB

  • MD5

    f55a7f2ad3a274dcadf0b2c1ee73eaa0

  • SHA1

    d9594edce4951b79e89b16719253ac32e9ea4338

  • SHA256

    1273c36d8d5d67e13721f98fb1055e45f8cae896aced5fc8493ca69eec36881f

  • SHA512

    a816f6a4c91414b304b13cc5d72b01070ab2b8d085395fb410654c5af77a8613b26b6d6916b689452031dd5ca9e96831b0b135178b198d13d78cabf37627e0ed

  • SSDEEP

    12288:PIDwZ0XM7/Oqx86mpvxy0CDNaOp36J0tZw3gyV:A80XC/OMHmxM9D0OpttLM

  Score

  10^/10

  darkcometlatentbotupupdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2