Extracted

• • Target

    ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d

  • Size

    1.5MB

  • MD5

    1d06209309e0b8f18e3d769d21728591

  • SHA1

    e02024506c73a4487cfa4cd209c7f07346ce2c58

  • SHA256

    ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d

  • SHA512

    575e02ba1633b5ba30a9387dd63d0e7737ec41a6f619a4d5fb7794e85660f522e2867d1ca6ec790eb7fdaed3ee9fcde7ce68931fd01011ce12051ce11747cfa3

  • SSDEEP

    24576:YRmYkcoQricOIrxiZY1iapYfP7wKaHnCMjORymu7Xmg7FT2b8:dYZoQrbT8ZY1iapMP16zt2g7FaY

  Score

  10^/10

  darkcomethbpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2