Extracted

• • Target

    63bce5e96bd93259b3e0f8b9f25c4719.exe

  • Size

    520KB

  • MD5

    63bce5e96bd93259b3e0f8b9f25c4719

  • SHA1

    3162f78a253f3cc7b0336be816d1f4286ec8dbd7

  • SHA256

    66b930edc9e6370ade5bdebc54b8fca847d2f7a8cf5ed52f83a8c198c3db8554

  • SHA512

    411d495d45c320dc388a0c7046a6d089ea94c39cedd1a3de6890547cf37ecc4b37c397917ace84325d602261cb69bfcc71487db5bf453a0de407e90f84470a74

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbo:f9fC3hh29Ya77A90aFtDfT5IMbo

  Score

  10^/10

  darkcometprivateeyepersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2