Extracted

• • Target

    JaffaCakes118_092362ef67e69075208c724ae99293e7

  • Size

    1.8MB

  • MD5

    092362ef67e69075208c724ae99293e7

  • SHA1

    5461580bd10ff1f995793c66033d12b53bf56f85

  • SHA256

    1076ec5e878c8e71d9430d078799dd0a4d775ad2a23120e38cd8bb93b37e4d70

  • SHA512

    53bd7ade262e421d1726ad79c636919507750ba9b0b7dc34cc7778165cc4fbd474cfb2dd4851f5d5ffc17bb69e53ac0ee557af22818fbb4cf220100974bf38f1

  • SSDEEP

    24576:MMWFK6ZlLOZ2j9cRTPSqANPah6ZFaBLOPZVKTsSxK7:coa9uSqAVa1Cs/K

  Score

  10^/10

  darkcometisrstealeropfercollectiondiscoverypersistenceratstealertrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    trojanstealerisrstealer

  • ISR Stealer payload

  • Isrstealer family

    isrstealer

  • Modifies WinLogon for persistence

    persistence

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2