Extracted

• • Target

    8e62ca1802bb4f7510305c74defe9521a0fbc3d4884a2460dfb6f3bfaec34faa

  • Size

    1.5MB

  • MD5

    2a4364298a4c39150726789ed6f8b761

  • SHA1

    3db55edbf09535eff8e55fdee7b6b96e9cf7e1ae

  • SHA256

    8e62ca1802bb4f7510305c74defe9521a0fbc3d4884a2460dfb6f3bfaec34faa

  • SHA512

    70e1ffc70437f10cbfb660de42f2cb525af06c497b60afd261dce3add158d27ec0d87361163580c79feaabf17b174596688bcc360b042e221b067fe88ab04e54

  • SSDEEP

    24576:hFQeYLbKKEPS1bvKE2JCavnObjq2R19fiMFOWExOYww4r:hFQzKKEP2biE2JCavnOnT9fbkCYTI

  Score

  10^/10

  darkcometguest16discoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2