Extracted

Extracted

• • Target

    JaffaCakes118_2360ac59a2c7eb83cf615b6eb7878246

  • Size

    868KB

  • MD5

    2360ac59a2c7eb83cf615b6eb7878246

  • SHA1

    bab4c74fbcaf3a3a91a17c441d0613b4d3de57c1

  • SHA256

    739f53c11b8a98baf715491058fd72101a4e49452938b20349c6254689838862

  • SHA512

    34e2860b62406e5fb7c9a4145be653e2d91a6d17db457b37a4c205222590b277e82c588839e70d6906953c64f3c3318f05cedf74caf02cafd46c5412abb604b2

  • SSDEEP

    24576:B7I1CObop4dRTa5hqY+pTdFinK624T14:Bc1zo/5hqYz24Tq

  Score

  10^/10

  darkcometvictimdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2