Extracted

• • Target

    74a9f7ac76250c6eb9d0c674a4249c92

  • Size

    426KB

  • MD5

    74a9f7ac76250c6eb9d0c674a4249c92

  • SHA1

    8c544f4df935bbb9c13e8c88359497f134e47abd

  • SHA256

    45f13c2ef9560816343176cce689c89e8a1fcd48e021b71093b56d19cb3c947b

  • SHA512

    e4476f5c1792f9361ee5f53968b3f1abbd8b012c3f0cc47580565a54b5b41d12edb29aa0cd4fbe5e08e7d20a1175b891c37e58fa908aa5737c84cbb8bbdb2d25

  • SSDEEP

    12288:6Tij6aV7gcz/cWCrR46sYjtyW3Ydi7N0+u21j6c769k:66lNcWCtpsYjtyOwgF1OK6W

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2