Extracted

• • Target

    0431fcc335792f97fe4660c5ba857fa7

  • Size

    659KB

  • MD5

    0431fcc335792f97fe4660c5ba857fa7

  • SHA1

    cc1a5bec1653f1661b3e4185a488d81fb6c97939

  • SHA256

    9637eb28918049462e11ed2cd4120331ef2f69fbd0b2fa0161a3677302f3581a

  • SHA512

    a1118c79ec6a73fb95c07f097c633c6321c10dcac6f480585818eb030bb91a702b2e316573a704ec2dbb2082a87ef3598d7d5d76d8b94ca89a31bb00609c8d29

  • SSDEEP

    12288:EX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/Q0X:Css2Sm39NNv9wY7tHwbzfIoK6Mof

  Score

  10^/10

  darkcometguest16_minpersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2