Extracted

• • Target

    7ce12277d8a1cf1571e742a7278333478c5c4bda817169df3ad546a31545097b

  • Size

    1.7MB

  • MD5

    4d1ae7a48b2d7d91f73660ff0e674e28

  • SHA1

    6e19115fec75bd5ea27d40a9c05158975c91d276

  • SHA256

    7ce12277d8a1cf1571e742a7278333478c5c4bda817169df3ad546a31545097b

  • SHA512

    ce03d22a14e83a3c5aac63c4823ec3b2f6e7c5ef24fefcd3a21edfb785db3ce3ec207dffa0478292581f42e6cc4c03fcb0457bd6c3b9b6006bb0f1c0870d7943

  • SSDEEP

    49152:Kkwkn9IMHea+Wbpq0aPCS+88RQUF0sQEEfGTeB:ZdnVWWbgLPCEJlNnGeB

  Score

  10^/10

  darkcomet3009persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2