Extracted

• • Target

    b8e9f57718a08d5ce927db8f4789569d

  • Size

    1.2MB

  • MD5

    b8e9f57718a08d5ce927db8f4789569d

  • SHA1

    2c27146487faede087a7c21d27b5663a295ad44d

  • SHA256

    36952b4bf4a7f5b524adb73c6ff3aaa28c38c87d5ede6ecbad670caac7428538

  • SHA512

    ade073fa43b91b3c8e7c8f93f023076a4c0d45c9329f35c6d73fa4995fa156248f2a17842eb2d9ba3f49aedaf80b8239570142ec7aa6f51c09e4c9b6d4d0e659

  • SSDEEP

    24576:iaCwtiqV012KXkJHsYiyGQWgANWGyo70zWGT8y5N7I:W56xi9ZUGFqxM

  Score

  10^/10

  darkcometparallax!!!!!!!!!!!ddos-spread!!!!!!!!!!!!!!!!!persistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2