Extracted

• • Target

    JaffaCakes118_7cc8c2f33bc298c9f83d2d32742c2018

  • Size

    869KB

  • MD5

    7cc8c2f33bc298c9f83d2d32742c2018

  • SHA1

    075a07d76f3a4489f5f07a9f724ef230ad249110

  • SHA256

    451a02b69262853fb285e4ce0a07e13cc48a161ef84634ab38f27eef44974ad3

  • SHA512

    56bb6e7a62dc3a1d6bd192d53529f7b620968209b2f9ba8a905deb04f977476ab41285ac25d18a610e11d4b0e2c42151ff94bb75db0e0fe57d43b46d5f57725e

  • SSDEEP

    24576:FNlEmHpqig4M+Ul9EXypsOjPxIQpnG1Pcr6SN74:FNlEmJ0z7lKCpzjuQFG5gLNU

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2