Extracted

• • Target

    JaffaCakes118_21818bc6b6c98bacce21df10e72f4d0a

  • Size

    1.9MB

  • MD5

    21818bc6b6c98bacce21df10e72f4d0a

  • SHA1

    5fac843dc5ce8b48262ca030ce01463d80824184

  • SHA256

    87aa2cf346fb9887859ebc03d78a666328d6b9bd770962b90b1f26d2dde6873e

  • SHA512

    de94439dff54d40799828544718be45ec39f26f1c3c2479700814c5fbba59db91b9ae22be9c96bfddb2221419347c9802f3951f6c0e391f5104f5f3056680b8d

  • SSDEEP

    24576:T5xiSRahhgz/Wwo6rWXaNolQmISumq8guPKp/hvVsAz8kyGSdyyKZlujrJqsWCJT:T9WQWqNoEpVhpmLhrHLzdNu8V

  Score

  10^/10

  darkcometdiscoveryrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2