Extracted

• • Target

    9bd407c77373ec66f798ade73998efcaab8b4f5cd8ccadb26ae9efd81d362b77

  • Size

    416KB

  • MD5

    c64445ea610f9f6dd341268ce5851357

  • SHA1

    2ae1bd7236e343bd94aef8abcdeea88dbb824ed6

  • SHA256

    9bd407c77373ec66f798ade73998efcaab8b4f5cd8ccadb26ae9efd81d362b77

  • SHA512

    6019002b586470d1d53f0e8306b9dec82f4dee22188413b29683677119b8ee2b0d012e209108f1c5cf35996bdca9a4508c81ff140be8270fea6327739dbef703

  • SSDEEP

    6144:bRFKlSlqxO5s+Mv2gbyzV/d5prKrLfvIe2Vlsyd/sLn5TG5B:KlSl2oIvHi/d5MMr5d/sLhG5B

  Score

  10^/10

  darkcometguest16evasionpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Executes dropped EXE

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2