Extracted

• • Target

    12a41da867fb963794d53e52185fa274f370b42679ea9fc724530966bc52ef37

  • Size

    2.0MB

  • MD5

    d9df50e1bb4cbcd862fb465fe35a32de

  • SHA1

    bfc39eecc9ed4b945a390c58f43d639f213a2a9d

  • SHA256

    12a41da867fb963794d53e52185fa274f370b42679ea9fc724530966bc52ef37

  • SHA512

    68199d57a1f55304778a17c214c6d5060047b29ed83f13b7dc30032334532620021cb0a3888c95e09068e09aec8ec74153bd1275dba6e4600a99f65a1bfca64f

  • SSDEEP

    49152:bUOfhVhb4HiHSQwM8eanhBYm0/ejNQw8xRt:oOJVuHiyQwthx0/v

  Score

  10^/10

  darkcometnewkoolpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2