Extracted

• • Target

    48c0f1768c382a1036e36cc8cf198dd66568eebe737acb1a7ef9072e6f02c89a

  • Size

    658KB

  • MD5

    4cfcea18e8c42ce1f55d0765535efe94

  • SHA1

    674fac67b3783038d72de824a69d09c02f3be146

  • SHA256

    48c0f1768c382a1036e36cc8cf198dd66568eebe737acb1a7ef9072e6f02c89a

  • SHA512

    a69ff2bb8509084ba03d0c82ceaedb31f54fa830d258d4568567c6f3403911084a5cc74d8389cfb77987d299e4b45a1288b175feb825b6536257deacfe650b00

  • SSDEEP

    12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:eZ1xuVVjfFoynPaVBUR8f+kN10EBj

  Score

  10^/10

  darkcometevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan
  behavioral1behavioral2