Extracted

• • Target

    cc0598c56a2723f4fb2d2d37fa29508fa7b14b28fa50e0eeac67b4102c9fd50d

  • Size

    769KB

  • MD5

    ffc476cc5de1540f3e0d41d4b87b66c9

  • SHA1

    fd8891cd1474bad8defe4f99386cb505b7f8b577

  • SHA256

    cc0598c56a2723f4fb2d2d37fa29508fa7b14b28fa50e0eeac67b4102c9fd50d

  • SHA512

    0953fefc861cca9aa818079962990653815d93be50de058e50e1d5d668f2d3616679473aad677649401464882637b985d712ae5a8d3155f5993ed9cc93bc7f26

  • SSDEEP

    24576:LTvW/wxXSknYDkoR4HTaF1nP9tXGVnmpW:LTvW/wxTnYoTS1P6gpW

  Score

  10^/10

  darkcometxppersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2