Extracted

• • Target

    36747532a183b4ba1a6e811dc27831ef1500df572b69eb76e8178ee556ba81ed

  • Size

    753KB

  • MD5

    b85c47f6b022d0590aec492d44629e32

  • SHA1

    715220ad7440730650257b6d89de0f1c0212d269

  • SHA256

    36747532a183b4ba1a6e811dc27831ef1500df572b69eb76e8178ee556ba81ed

  • SHA512

    7417ad21aa9632b368ad179bd8a7eb65d3e7890b5d1515a5a6e29b3ad486bc0dec3d11905595c4a7d5dff875448d012d67baac39756bc28e91e423efa78257e4

  • SSDEEP

    12288:1TX2tbpVym8V9QJ65/llnZQ1qNP3H9z3fx0jdMbhfW5beDsthwdAA:1TCpV6V9QJIllnZQ1mz0JMlf4bCsthwj

  Score

  10^/10

  darkcometlatest---victimpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2