Extracted

• • Target

    ec725c007703366ee0fac113ebfd13cd8932ad0e1fe077b973f582b61ddda8b0

  • Size

    782KB

  • MD5

    63eadfafe6bf9323ce4a47536ceeb040

  • SHA1

    b7e7c9bd6ddcd51d9d486d8fa5c71a23d0abb7bc

  • SHA256

    ec725c007703366ee0fac113ebfd13cd8932ad0e1fe077b973f582b61ddda8b0

  • SHA512

    9d4c3d422d43859ae4766f8e8d15fd9bd2d4012422ff2760472b04a28bb918dd34a14cc7929dfcafe93df4d859dce211c059d40f348b893b59e05f0dae40abcc

  • SSDEEP

    12288:iMbL4uzi/ws7tIf3/b9IJVGuBIDX0tRodbxT9gr5vIBwvOjldFLU:bbc0i4ff3EGuBa9IIi2dLU

  Score

  10^/10

  darkcomet.illpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2