Extracted

• • Target

    3c2018f11cefb5db7100e697418e450af19662d967ca3400a4dde5a2b14019c9

  • Size

    970KB

  • MD5

    0eadb6e81496d6faed849ad24035e7b6

  • SHA1

    e0e80c764356fc0c78bbdcbe477025b8cdee0e9e

  • SHA256

    3c2018f11cefb5db7100e697418e450af19662d967ca3400a4dde5a2b14019c9

  • SHA512

    9d73fa89ce71dde8bd9131f7f26bb879a5be4fd7a70a547336ab9d00f3f842d0d78fd181e848ad5b00f6fb5a150dbdb556c42808c1b90b827932b3f5cedaf2c9

  • SSDEEP

    12288:7oSZvlA+uzoR1Jl7qiK07emMP5YIU5sZstCGsOW0mGWLY1KOMGqJ3hr2Iypo2IZi:XZvlA+VRJ407e9VUYY95KVMf0ZgtF

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2