Extracted

• • Target

    94cbafbad18227e619e73ee95ab4b97b1a4979e47695c0b06d8950c213c4ad19.exe

  • Size

    1.7MB

  • MD5

    7526bbadfc1a45ff7bbb10d9f6607116

  • SHA1

    df6a5241e003e6a13334836409505647cc3af3ef

  • SHA256

    94cbafbad18227e619e73ee95ab4b97b1a4979e47695c0b06d8950c213c4ad19

  • SHA512

    d75c3cdbec06374c6e89ca75ba29513cc55387c7a46732649fb8d571cc2d0374110bd9e0b4955f66b2cfc9634005996eba3c2a250d262e2267baed45d575dba9

  • SSDEEP

    24576:qMyptg5dkAmL8jyLQLNW0yzotcSHVZwMz8gkyJ8fPe:3te3e

  Score

  10^/10

  darkcomet1discoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2