Extracted

• • Target

    JaffaCakes118_bc56976bbcc722af33dee6c3d395be9b

  • Size

    480KB

  • MD5

    bc56976bbcc722af33dee6c3d395be9b

  • SHA1

    2a2e6cb1f22b2fff1b4e1ceb3698ee8800ec59ed

  • SHA256

    b1e54f7e0b8233ec5ff57b3c2aca46b242205915cac4b6e06c51d14911e978f8

  • SHA512

    fd317b6211721210f4553319b57856cba0297179a2f0d41116a3144299d7ff9d9a99c1739e3a3388784f2ad11e37d5fe8afb4439c90ed4b8a333d4e413c54e70

  • SSDEEP

    12288:ty1lFipP5dFl9DhwZ0PRfwzp35HGPHb6kyQwTRHbVDU:ty1lc3TlnwkOaHhE

  Score

  10^/10

  darkcometms-dosdefense_evasiondiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    defense_evasion

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2