Extracted

• • Target

    44b34bbf9dd06a47250f20dc4e63aa00N.exe

  • Size

    520KB

  • MD5

    44b34bbf9dd06a47250f20dc4e63aa00

  • SHA1

    d283b44fd38a2e5c4580a1afb09e514b27228c3f

  • SHA256

    2fc700b16c4a15b3732a2e7534f09e510692a5f445741011a50a786d806829b0

  • SHA512

    170caef55f4633f6782d424e75a6f12e24935abedc749e60370c7d7a31c9b55663539fb156672a87e2bf53ce8b41f57c11228d1c655d7566538aa325b4fd0f92

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbs:f9fC3hh29Ya77A90aFtDfT5IMbs

  Score

  10^/10

  darkcometprivateeyepersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2