Extracted

• • Target

    JaffaCakes118_739720bba3b531acc147168b2c1e3989

  • Size

    648KB

  • MD5

    739720bba3b531acc147168b2c1e3989

  • SHA1

    d92cb4d1c4c20984fe5c73fd9d3b14ca06923990

  • SHA256

    c81542a91c35544e0702d4a3a921bd513b9e489a24e4a6a2b8470f7b68a8b091

  • SHA512

    fd2d78bc82092eaf615aaf645e4283a91e76eb87bf83069537ea27ecffd7b3b321485ad48f1ae969629fad42d2d93fee8017a4d590c07d4a11c47697cf8ec92e

  • SSDEEP

    12288:c6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhd:xAmBpVKHu0Mu9Xo20VGLVP5d

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2