Extracted

Extracted

• • Target

    JaffaCakes118_22fe23b07b4107b15c83376182bddb4b

  • Size

    268KB

  • MD5

    22fe23b07b4107b15c83376182bddb4b

  • SHA1

    fe4efcc97c60539e039f854dc0007c5f88911093

  • SHA256

    82e7d365b90b48959719ab0848bff83015b3e86f06a05a3bed69af22d65af037

  • SHA512

    ccfd2f7f986420992ec8ee7719a6fafcf460a84b0a8a1554540914ee7784cc0d4064da45361f31b24ef8f1d5e994decd31a9efeee085b1efdd5986bd4078b72f

  • SSDEEP

    6144:C81+gFIaJKvf6XhgvtL5r2nL148zPNwjs+jed0G57Bjkc3e:GgfJK36VnR48z+c

  Score

  10^/10

  darkcometwowdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2