Extracted

Extracted

• • Target

    JaffaCakes118_3eb2734ea88707283b3eb88ccc469753

  • Size

    1.6MB

  • MD5

    3eb2734ea88707283b3eb88ccc469753

  • SHA1

    eebd9e82ece266d158c4288f854a564eef24efd5

  • SHA256

    88cb99698a160db280ec6b4f86a9c2b330ad8039762c45895b09f31831ce4945

  • SHA512

    5e3fc4e55ca7bcc441ef6ed0125123bd1caabf88be2a63110875210df9b9c16605ef092221b3b5c8c9835b97bc253da154dce0e7e036ca369f6014f2389699d6

  • SSDEEP

    24576:2YhImw2IclaZF1YHCmptKF0jHtJ0i4MT8:HhIC2ZFKoF0btmpMg

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2