Extracted

• • Target

    91e88bb385b5c2f85958df87943a1962b5b325f6f9083b5aaf42980e1980c37eN.exe

  • Size

    520KB

  • MD5

    f5b01a29c59db1cc37d775818d620e00

  • SHA1

    5599e81d4c8205e48e8edf26fda9cbe0679e842e

  • SHA256

    91e88bb385b5c2f85958df87943a1962b5b325f6f9083b5aaf42980e1980c37e

  • SHA512

    7d9033145e8edaf751ae8201f34ee92bd51f466e6fb74de74001cd85295906809256ad48b730ef3f125863a5a676fcd1bd6e3b08a27a57eda0048782afe6b065

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbt:f9fC3hh29Ya77A90aFtDfT5IMbt

  Score

  10^/10

  darkcometprivateeyediscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2