Extracted

• • Target

    557e5a41f5e61261452454142d9e847e76bee97c7275525bc11c2b0a1ecb5ced

  • Size

    713KB

  • MD5

    4e99032cf799aad0a5b32fda617d3498

  • SHA1

    e67deed6bfe806777b04266274713f3ed207fbff

  • SHA256

    557e5a41f5e61261452454142d9e847e76bee97c7275525bc11c2b0a1ecb5ced

  • SHA512

    21aa9b2b080684fb976ce3f1a97b51159feb7a8113e30375ae63ae929b49ef35782755dd4c35b3d5f1c1a4955638532839e31a885e475c8f867c4ba2799453e3

  • SSDEEP

    12288:aKkRlAZIWi9UnAqyYkYIxPzO7/zeGI/l6HijbiPFFJuPLn:asZIWvnAGkYuqbvH7yPj

  Score

  10^/10

  darkcometneshtaguest16persistenceratspywarestealertrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Detect Neshta payload

  • Modifies WinLogon for persistence

    persistence

  • Modifies system executable filetype association

    persistence

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2