Extracted

• • Target

    1991dad9c5af6524b377e8971e19997162d42f7ff50b346974ed5e5061222d88N

  • Size

    1.9MB

  • MD5

    299c3a82d3402fa86e867c012e7ef5d0

  • SHA1

    8a744e622f52d464db99bc6c00c3b48a3bb1ce8d

  • SHA256

    1991dad9c5af6524b377e8971e19997162d42f7ff50b346974ed5e5061222d88

  • SHA512

    9140ec26f011949a0c0db3c16dec890c8943462a9b89710a9c113bfa48804b896e4000e6fd06196b2da619f465943141d45086f8890c7614aedeba34c527e643

  • SSDEEP

    24576:qMyptg5dkAmL8jyLQLNW0yzotcSHVZwMz8gkyJ8fP4lw46lw4Pz9ELqjLb:3te3ow4+w4PzqLcLb

  Score

  10^/10

  darkcomet1discoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2