General

  • Target

    3ee9c6693bc1899d9c771876782c5dec_JaffaCakes118

  • Size

    285KB

  • Sample

    240712-z4qlsszhmq

  • MD5

    3ee9c6693bc1899d9c771876782c5dec

  • SHA1

    8271c556e0f60da8cdf7dea9260724edbe0cf664

  • SHA256

    24bf92019649514209d62b7924a6ee188d4a5f8679af9307ee35d8b49480ba14

  • SHA512

    49a4f4350a754206686e349412a479f98768392d0d8eadaff6ecf54db762831c72e0c304a365b7b630a9db001a1bac2f8869d1830a9af97b97fc61848de8da65

  • SSDEEP

    6144:lSXGcCH276GyitKiWbXE2V4Eaebol02eiHOe3WQzPjS78X6kyGda+YUk:rcCHXiEvV46WvGQLX0J+Y1

Malware Config

Extracted

  • Family

    latentbot

  • C2

    mastershaff.zapto.org

Targets

    • Target

      AIM 1x2.exe

    • Size

      714KB

    • MD5

      ee037acc6ced4a2ea99866bd9f5d2531

    • SHA1

      fe02e28cd8a8c3237cf7d958ff1517f52c90faaa

    • SHA256

      c83c1eb034a7688d564cd841c0c6d51e85890df161bf233ae3efee67a29d9cad

    • SHA512

      6370bb8fc8aaa12c92b55f3ade5cd4e93697721ed6bf6da9c1aa4a48b23ccb19a00cf0a8cb3b39581463f2d79b685cbc3cda6168c42de50ab952668aa5684471

    • SSDEEP

      12288:CaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdf:TAEENIq8XwyVPQclDq/+WnpsSf

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      A modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies WinLogon for persistence

      Winlogon registry values such as Shell or Userinit are changed so that the payload is launched at every logon.

    • Checks BIOS information in registry

      BIOS vendor and version strings in the registry are often read to detect virtual machines and sandboxes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Creates a value under a Run registry key so that the application is started at logon.
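The persistence, evasion and C2 signatures above correspond to a handful of registry and DNS events that a sandbox records. The script below is an added example, not part of this report or of any sandbox vendor's code: it runs a simple triage over a constructed list of such events (the event shape, the dropped-file path under AppData, the Winlogon default values and the dynamic-DNS suffix list are all assumptions made for the example; only the C2 host name and the dropped file name come from the report) and tags each hit with the matching ATT&CK technique where one clearly applies.

```python
"""Triage sandbox registry/DNS events against the signatures in this report.

Constructed example: SAMPLE_EVENTS below is made up to resemble sandbox
output for this sample; it is not data taken from the report.
"""
import re
from dataclasses import dataclass

# Winlogon values abused for logon persistence (ATT&CK T1547.004), with the
# stock Windows defaults. Anything else in these values deserves a look.
WINLOGON_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# Run / RunOnce keys under either hive (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)

# Keys read to fingerprint the host before the payload runs.
BIOS_KEY_RE = re.compile(r"HKLM\\HARDWARE\\DESCRIPTION\\System", re.I)   # T1497.001
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)     # T1614

# Assumed list of free dynamic-DNS suffixes; zapto.org is a No-IP domain.
DYNDNS_SUFFIXES = ("zapto.org", "hopto.org", "no-ip.org", "ddns.net", "sytes.net")


@dataclass
class Finding:
    tag: str      # ATT&CK technique id, or a short label where none fits cleanly
    detail: str


def is_dyndns(host):
    """True if host is exactly a dynamic-DNS suffix or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)


def triage(events):
    """Return one Finding per event that matches a signature.

    Each event is a dict with an "op" of RegSetValue (key, value, data),
    RegQueryValue (key, value) or DnsQuery (host).
    """
    findings = []
    for ev in events:
        op = ev["op"]
        if op == "RegSetValue":
            key, name, data = ev["key"], ev["value"], ev["data"]
            if WINLOGON_RE.search(key) and name in WINLOGON_DEFAULTS:
                # Only flag a Winlogon write that departs from the default.
                if data.strip().lower() != WINLOGON_DEFAULTS[name].lower():
                    findings.append(Finding("T1547.004", f"Winlogon {name} set to {data!r}"))
            elif RUN_KEY_RE.search(key):
                findings.append(Finding("T1547.001", f"Run key entry {name!r} -> {data!r}"))
        elif op == "RegQueryValue":
            key = ev["key"]
            if BIOS_KEY_RE.search(key):
                findings.append(Finding("T1497.001", f"BIOS fingerprint read: {ev['value']}"))
            elif GEO_KEY_RE.search(key):
                findings.append(Finding("T1614", f"location check read: {ev['value']}"))
        elif op == "DnsQuery" and is_dyndns(ev["host"]):
            findings.append(Finding("C2 dynamic DNS", f"lookup of {ev['host']}"))
    return findings


# Constructed events; the AppData path is an assumption, not from the report.
DROPPED = r"C:\Users\user\AppData\Roaming\AIM 1x2.exe"
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "RegSetValue", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit", "data": r"C:\Windows\system32\userinit.exe," + DROPPED},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "AIM", "data": DROPPED},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": "..."},   # benign write, should not be flagged
    {"op": "DnsQuery", "host": "mastershaff.zapto.org"},
    {"op": "DnsQuery", "host": "www.example.com"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.tag}] {f.detail}")
```

The Winlogon check compares against the default values rather than flagging every write, because benign installers and Windows itself touch that key; the Run-key check flags any write, since on a sandbox host any new autorun created by the sample is what you want to see.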

MITRE ATT&CK Enterprise v15

Tasks