Extracted

• • Target

    0a906f93430bea742fa7b463f5c44fd59359641b8ff7ffd17fad0aee6956d9f7

  • Size

    381KB

  • MD5

    096ba81061b9b3b7936a4bd0dfb4c4aa

  • SHA1

    2fe63a93896d34bf9d99a5ff0463b64df7bca0cf

  • SHA256

    0a906f93430bea742fa7b463f5c44fd59359641b8ff7ffd17fad0aee6956d9f7

  • SHA512

    900c3708d10901b510cc17c818db33000e439e17c9c653d9cad4bd26eefe884d3a1e007991ba563eda7b0da820f4e14d123e07480dd9818d6ee873b2ac5835fe

  • SSDEEP

    6144:Gsf/8tS6zpoyWktBnmYAlcw0hvd96/LM69hMNyJwOf:GsX8AYFTtBmYKcD196/oySNyqOf

  Score

  10^/10

  darkcometccpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2