Extracted

• • Target

    1a7623337b1bcf0d422f88607b8b160bd0d43c4079c2985014d597e130dead63

  • Size

    602KB

  • MD5

    52a4476a5e7378b7895f5bdfbdac6420

  • SHA1

    89118b16270a4b2c492864a0f4094bbfb31b9c31

  • SHA256

    1a7623337b1bcf0d422f88607b8b160bd0d43c4079c2985014d597e130dead63

  • SHA512

    ef77cb5a774446fddc51109878539503be221025ce0e8cbb6558fe5e49abebc72df5a540b3cee1f061f0a5e668b0f075d52582fe31982d4f5cf6472cd9097528

  • SSDEEP

    12288:cmVhP7JEbYEb1n4VjBokBoNliMyhwCXbnbqCkRxz3SaV/w:NhFaYEb1n4nPsliMyhwCfdkRJCa

  Score

  10^/10

  darkcometbabypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2