Extracted

• • Target

    7d406c200225c1b5bfef6fb379bf35697407b57aca9e115a407646768d4cb44eN.exe

  • Size

    520KB

  • MD5

    51cddc8e55cf67ded802d2cf651e2420

  • SHA1

    9ae1971f1c5ae09fc31d8d51507323522fe10ff5

  • SHA256

    7d406c200225c1b5bfef6fb379bf35697407b57aca9e115a407646768d4cb44e

  • SHA512

    a016e63167c95282dd862f0ac55fdb7c07e6586a4fe9e945eb2ba57d54399c4d0827a2bda221eb71869212847e15d98c448faa735fa91d6a42edcb375371e153

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbq:f9fC3hh29Ya77A90aFtDfT5IMbq

  Score

  10^/10

  darkcometprivateeyediscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2