Extracted

• • Target

    8a3de78cf177be4c37c1525becf05af336c1dc2a4d181cae79f6903754902efa_Sigmanly

  • Size

    251KB

  • MD5

    57bd4f73690590693b5b921f29679410

  • SHA1

    c2cb47bf602541043589e979f21c3d7c1698e3ac

  • SHA256

    8a3de78cf177be4c37c1525becf05af336c1dc2a4d181cae79f6903754902efa

  • SHA512

    00b543644058a93f1c0a13e4d40b1c4e76f9581325f1773d79983761ca6903643e5a44717e7785b27a8fac2a6609c19032e3f412d3339e9cc5dc697791890318

  • SSDEEP

    6144:ZcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:ZcW7KEZlPzCy37

  Score

  10^/10

  darkcometgoogledebuggerdiscoveryevasionpersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Modifies WinLogon for persistence

    persistence

  • Disables Task Manager via registry modification

    evasion

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2