Extracted

• • Target

    3ddb383a5af8acedb8eda67932633d85a881739fbf9a87b10f664fe743b48c58

  • Size

    546KB

  • MD5

    3ed968b2400a5eca52fcf8dc1422ece0

  • SHA1

    10cc685424f274c7b42d26cacf7ad2319fe56000

  • SHA256

    3ddb383a5af8acedb8eda67932633d85a881739fbf9a87b10f664fe743b48c58

  • SHA512

    e4260b501b476c613a121940de346e9d3d120329404b19a0d6d15862051358698de5528715369c8094b8934661d11afda4176fbf01fed318280f66e04591e92d

  • SSDEEP

    6144:yJanGOkb7CaMWBe/IMr0yRu7ZcUBpofb71/cJlClb:y+G2WBqxgN7ZcUBGfb5/cJlCh

  Score

  10^/10

  darkcometguest16persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2