Extracted

• • Target

    JaffaCakes118_2272c433f5404c8a054217d1824d0b10

  • Size

    1.2MB

  • MD5

    2272c433f5404c8a054217d1824d0b10

  • SHA1

    30525e9022309ba68652cfe1b0fa44c0c18f0bd0

  • SHA256

    01f2bc657631d0632fa15226bc2e288ba20eda46c81c4b3854f2ac9df3af13a0

  • SHA512

    e85f7499fafd592203a07621472db6d6d47f602c91fb45a5fa9ff3ce3a5d4256e1e982d1ff74b49121971cdc0e229ffecea67fe6da26b0fccde907284369bf44

  • SSDEEP

    24576:SCjYRVyfoJE1vQ8J4Elz6vmKgZuV12z4Gnsq/s79Ivv:SCU2oE1F6vtgZm1y4Q7s7

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2