Extracted

• • Target

    28143e132fd376bfd604ca691bcb7e17ebd5e53f33350857e28c4c7e902d3db3

  • Size

    1.0MB

  • MD5

    e17eb3edf1a499f7c5c4db9b108fdd52

  • SHA1

    7c5ced6fd3f90862ee2b99594db7f82e2f27c631

  • SHA256

    28143e132fd376bfd604ca691bcb7e17ebd5e53f33350857e28c4c7e902d3db3

  • SHA512

    9f99c43a60d864d80dabc01844458490800c83bd1293315f61368b2444a6a1c006eff277853276067baa2dea8cd807b9d5f676550144bd3b7fe4e8be70c1f06d

  • SSDEEP

    24576:LuDXTIGaPhEYzUzA0p5GHZKLveFKNhEaj2S0Fv:CDjlabwz9p5GHZKLVjE5

  Score

  10^/10

  darkcometguest16discoveryevasionrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies security service

    evasion

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2