Extracted

• • Target

    c8235cf09120c1bf9a5c6caf885c1784178e4c30e9eef2d274902b32e0fc265a

  • Size

    389KB

  • MD5

    eae6b37b6242cdeba60fd04f4d09dc8b

  • SHA1

    2a487a88a9a8f3663ed0f2a5d562af424b7bff21

  • SHA256

    c8235cf09120c1bf9a5c6caf885c1784178e4c30e9eef2d274902b32e0fc265a

  • SHA512

    76a69134b147535e88a7b58f59cd19efa0711f64181b0b0feff657ba993a2e33c4084ed6cd4728646403f4c7762afe47b4b031ddd0fb47085c27f859393e7c3d

  • SSDEEP

    6144:XEk6v38qdv4A9sE2bLutpL9v++JQegpbtKHWIhQFLfjWUkgd2d2NTAreVRcNoO:XEJ8qdgAIuwY/mcQxfjWUPFNcr0J

  Score

  10^/10

  darkcometguest16persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2