Extracted

• • Target

    fec5c46e06757f6e85f6a9a27bea1d40fda2e85f873de4807c879b882520b7ec

  • Size

    349KB

  • MD5

    4a6ad8215d24bad1a75554052c28a833

  • SHA1

    408a710b24b1efe8aa80aa587ad10e3b68a3da17

  • SHA256

    fec5c46e06757f6e85f6a9a27bea1d40fda2e85f873de4807c879b882520b7ec

  • SHA512

    78020a225b3658db91aba84a5bda8644e9c81e6ed10e0e3bdb8fa016f517b9b3ab8b5e17744a39efc0a8f256a8ad2bdd447c1af04e09592c7f979872fc4cfcdd

  • SSDEEP

    6144:EcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37K:EcW7KEZlPzCy37

  Score

  10^/10

  darkcometguest16persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2