Extracted

• • Target

    c263c6ec2efd2f2a0960ccf96cf2411725b7a103e77453f15884a05cd3e70903

  • Size

    348KB

  • MD5

    2e7130bb2600fa3254f989686291ca82

  • SHA1

    8fd254baece9ef350af8599903f6a6fd318c8892

  • SHA256

    c263c6ec2efd2f2a0960ccf96cf2411725b7a103e77453f15884a05cd3e70903

  • SHA512

    66b7cc7df44b1910232568058a87f2cf6aae947ec74414b17a0f8034397db2a81ba275129f142a28166f70fa1590cbfb129df158303fab75cbdaffb53a5fe8a1

  • SSDEEP

    6144:k9+feVjBpeExgVTFSXFoMc5RhCaL373S/M7PLwcNYS996KFR:5ZlPzCy37qcccW7Kr

  Score

  10^/10

  darkcometneshtaramnitguest16bankerpersistenceratspywarestealertrojanupxworm

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Detect Neshta payload

  • Modifies WinLogon for persistence

    persistence

  • Modifies system executable filetype association

    persistence

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2