Extracted

• • Target

    6c40aef64da6fcf46edffd34f1336cf88614442e913cb5625c44623716618620

  • Size

    468KB

  • MD5

    2b1f3da716f5ff437d6a2186e47c8d12

  • SHA1

    3fdf5f818d5debec67d7ebfd019e97bab624521c

  • SHA256

    6c40aef64da6fcf46edffd34f1336cf88614442e913cb5625c44623716618620

  • SHA512

    9ed2f92576941cb01367b55553826f03a763365d0421f6c2c28ba8cd0fd35e59d402950e6ff733f7e1c130f67120c952e4a1d6b015e71ff532b878d8de9d9bdb

  • SSDEEP

    12288:NK7EnmlS50Cg7IyuovPoZWUciMFVHAR5e:NKL0505HHCWTF

  Score

  10^/10

  darkcometguest16persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2