Extracted

• • Target

    SecuriteInfo.com.__vbaHresultCheckObj.29967.23164

  • Size

    1.9MB

  • MD5

    88da3cb41ad9eaa9824b64be954e4ca5

  • SHA1

    fcef830a7f6861bef97be986d0e4b3a02a1ef27c

  • SHA256

    77dddb8e258184f22bbbf1d17a3e9f121528da1cd431ca26c44a870218ee0184

  • SHA512

    17ea7ce162c125af0f3d7b0c534a344a3f687bad93ded2b9da98502461dd9e2e6803a329c3f661f3e3410bd121bb2ffc82dc3805026d2674027bbe858003d0be

  Score

  10^/10

  darkcometstubevasionpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2