Extracted

Extracted

• • Target

    JaffaCakes118_2dd88ee3b3cb0a34d51af28ced8cfc76

  • Size

    1.5MB

  • MD5

    2dd88ee3b3cb0a34d51af28ced8cfc76

  • SHA1

    cf4a8d579c84230416023c6fb7f1930c3b4bcb79

  • SHA256

    19c3e9f52615b7be44b6c9ec29585aa095e221663fc8148aafa9f7e987585b6a

  • SHA512

    ea9556231f1f464b0b34bec53a81895abef5d569f29a098d5c589ce90c7f7db05c3d4126a3b78dffdadfd91264781225857762f120e3739ba1a888859ccade72

  • SSDEEP

    24576:OmyXhPyzdxAo78uJgzWaQGktz8y7ULKS5SIFFbNvn+W3NJqlKCDex9pWhz6TYhRI:82wms9VzLKS5S2kW3nqL6TYLHG6

  Score

  10^/10

  darkcometwindowskdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2