Extracted

• • Target

    6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26

  • Size

    472KB

  • MD5

    428cb0db369019384072df4432724dde

  • SHA1

    5ca8272d0c3946dc665f6f597b016701a2869c04

  • SHA256

    6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26

  • SHA512

    af66566cb2ad51a3d57b528a35481daf20d0ccaad672b01a20fa1ee8ffdd4b722101b0e2f340cf8d4801d3b2b309909b249f84c7a090c1fe2d81e38339809c4f

  • SSDEEP

    12288:EY3F7cDylczfadxLU6OoNUuyQzX16cKHD8A55:EM7cDyliSPbN1ym16cEDv55

  Score

  10^/10

  darkcometvikkypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2