Extracted

• • Target

    183d900a7a155c3a65c15ea0e7afc396a621e970907ea5a6a9280623d64290cf

  • Size

    1.5MB

  • MD5

    82e3cf33fc4de1705596d7eb0fdc0f46

  • SHA1

    7a5128fc9608abab93b88eacee30942e8db26b52

  • SHA256

    183d900a7a155c3a65c15ea0e7afc396a621e970907ea5a6a9280623d64290cf

  • SHA512

    fdea881a4900bdfabdd859535e40b93e6b95c6108389e9584cf47b41c42030cf9ebd7554383551d78e4b3e573a8482d08a3904ffcdd42823b404e0b81e4ec0a8

  • SSDEEP

    24576:j2O/GlCNpZbBlZu6Ih60nGgAkaabxRrDwusN7TBIwMxXVbIK+QrFWILCTLiL2:VBXu960nGu7brDBwjkZIP8FWIL7L2

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2