Extracted

• • Target

    b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df

  • Size

    690KB

  • MD5

    3c5d2b983954dda34a20869edd0ab20e

  • SHA1

    0ae98b776b37d6c26317afaa13b0b59f4342a0fe

  • SHA256

    b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df

  • SHA512

    50b9af5fc454d4b4d1d3096a64e0121bfc555a49cc8a9d7516f2473f7584ef0d5e64e90f5842e34b4a3e2bdc7647883b31272d90c3d3a5bc64c2211a613342d6

  • SSDEEP

    12288:V9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hoJ:fZ1xuVVjfFoynPaVBUR8f+kN10EB6

  Score

  10^/10

  darkcometbruhpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2