Extracted

• • Target

    223a301aa146975a819da9b89ffb94619c9d78555ff5177c1d96f9fbbd70eb5b

  • Size

    860KB

  • MD5

    96c40928f2da30340d1a6a1c5854f8cd

  • SHA1

    b33efb2af4a8a682a839e297e9a8b9de17b0ee30

  • SHA256

    223a301aa146975a819da9b89ffb94619c9d78555ff5177c1d96f9fbbd70eb5b

  • SHA512

    6326c8989c5440a6b407ec43fdc59674747691ccee6aa6497167f5dd3cf05d37510ed08272e318d83b784ecee4386b8f23bc665b3a2aa7887549305833fbc0cd

  • SSDEEP

    24576:kah/9z7xCLpi4vRT1XSM9RxD9A8k0hvKaOy38:kahlxCQOLJLc8kLhy3

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2