Extracted

• • Target

    841262726e83cc2a62b2c0d523426bcb6a38829b033a6530ec3e76b6521ebe05

  • Size

    522KB

  • MD5

    9dfb07602ea0746b21957d2610ed52d9

  • SHA1

    1114f93efba5d9992ad8b71363db60b24e219b6c

  • SHA256

    841262726e83cc2a62b2c0d523426bcb6a38829b033a6530ec3e76b6521ebe05

  • SHA512

    b6a646ab82e4910e818aa07525264f2548a17c42837ca3cdb871627ee4ac840501d8afa2f2c62e1ad24d06babe11cd87ab4fa8e7e373ff9590fbb9ea6f6ea464

  • SSDEEP

    12288:V5yqq4mBet9eHsgfZpj1+F2l+5IThMHChFOI1Ar0JE/ZkVSGZpU:bmW9ZSlIgl+5ITSChNaoJER

  Score

  10^/10

  darkcometlalxpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2