Extracted

Extracted

• • Target

    4f6c3238851f570e902be85c53d9bcb4f589cb6fc2c652fd6ac5509ff26acc41.exe

  • Size

    520KB

  • MD5

    d4d59021825d613808c6d07794e1e2d5

  • SHA1

    b570d4498144c6c028b4a87a28b8a64f7b698391

  • SHA256

    4f6c3238851f570e902be85c53d9bcb4f589cb6fc2c652fd6ac5509ff26acc41

  • SHA512

    f518190fbfda39eee2d2c7825d353d7b86c73158cbfa7bf0026760488b6bdf4dc1432a8f79882a255cda11920a19ba4fea78e070d48e4208187964686cab59f2

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbt:f9fC3hh29Ya77A90aFtDfT5IMbt

  Score

  10^/10

  darkcometprivateeyediscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2