Extracted

• • Target

    47edd481436b70c4845d42521ae6fcf01ece877ed4a472445a091282c9d9c661

  • Size

    283KB

  • MD5

    10cfa9d58a011d0cf3f0c1f6fce41b00

  • SHA1

    0134dc99f55549b848be2a3e9512d76862bbf70d

  • SHA256

    47edd481436b70c4845d42521ae6fcf01ece877ed4a472445a091282c9d9c661

  • SHA512

    d02f7d7150a60ebe1f798c37099778d61f1a04dc6a56feb218f4a6dc87d6029662810a76d918f4075557c4618aa7b16dc81e4e0b015f3c9419d0e3e8f973e830

  • SSDEEP

    6144:XcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0P7d:XcWkbgTYWnYnt/IDYhP7d

  Score

  10^/10

  darkcometguest16evasionpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Executes dropped EXE

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2