Extracted

• • Target

    JaffaCakes118_0e1eb8cff971ae5cbd4dc988764e420f

  • Size

    423KB

  • MD5

    0e1eb8cff971ae5cbd4dc988764e420f

  • SHA1

    8c7f60eb1be1c8f89aad7eb26c472437321b95bc

  • SHA256

    48f6c4f34922b01cfdea0eb8e90798d6334678aa24ffb60cd284028bf9cca7de

  • SHA512

    a428306391973c802f81e96b7d123aafebe5c6eb83eb54dc7c962eb256aa2eb37f8ae22f986fcaeae9da4a7c753ee460504e0ff297c9a62d46d337c84c68530d

  • SSDEEP

    6144:VSncR8Zp5Ogg3VuwK0kiKPliq6peQmKbx+y8jIDIM8TAex5xqDfb9/6hSBhMH:84kqgg3AR0kbi7y28Ur8Td5mb1/O

  Score

  10^/10

  darkcometserver1discoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2