Extracted

• • Target

    JaffaCakes118_8854848a600589da4c3f738a8958ee62

  • Size

    664KB

  • MD5

    8854848a600589da4c3f738a8958ee62

  • SHA1

    b47f082d3938fb97008518e8d1aedf12c34cac32

  • SHA256

    6fda0fd3839b1877b2a675d09ec1438734131c881a5e2c00a18b487f18fae100

  • SHA512

    9a1d0b4d395fd51081e47065e51e1555d7cbf08c2885b72d33594fa5f4ce2727bba0a5e66628d18733a3da9fae37d2dcf90eb8b8dd6fdc0d974adcb51886eb9e

  • SSDEEP

    12288:F9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqRKyh:jAQ6Zx9cxTmOrucTIEFSpOGzh

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2