Extracted

• • Target

    JaffaCakes118_33a69db5ee92fd2330412cd2a9c24b10

  • Size

    556KB

  • MD5

    33a69db5ee92fd2330412cd2a9c24b10

  • SHA1

    0d1a36f42fa7677d8dc623952ff3f4eefb841bad

  • SHA256

    9a62282131b7855e945208e71310471957d0257f432ee52fc0bb8d470b70e3f3

  • SHA512

    4f2d28c28dab9e76b74b36dd5f998e606712320259c14bd9dd83bad48c2a3c8a28fda19efb12b4b6f4fccb5341b172680c43266deb176c2153b3dd1d4f5b068b

  • SSDEEP

    12288:sQeVQkTrvj4Xzqmdg3vhdMmYxZfTnEBJf8Fot7FC5qfQcrBdEa:sJQkTf4m8E32nwBWFot7gOFN

  Score

  10^/10

  darkcometnetspydiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2