Extracted

• • Target

    f876d29899bbb047f8f5fbb14c702a3ba88a34989d5ebe62b736ca060c1c4625

  • Size

    679KB

  • MD5

    5adafaad972e3ba20c8a9381e00ef147

  • SHA1

    f9ea16679b27fa79944b963f8db45ec00e9fb32d

  • SHA256

    f876d29899bbb047f8f5fbb14c702a3ba88a34989d5ebe62b736ca060c1c4625

  • SHA512

    be246760efab08d080d6f0c1c5b1f312a0e3155e4191c37e86f8b99a03406d61bd569660d32bee4919da4cbcacffbce2763cbc53e32385eaf3ee22077e91e391

  • SSDEEP

    12288:P1iW3qxJbe973FR15E3plnFWSZVcV88B37adcdwARQzySyQST/ZscO:tBj73FjCZlFWWLUa1zySyXhs

  Score

  10^/10

  darkcometguest16_minpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2