Extracted

• • Target

    a2f302ed3f2ca2dff3be4ca2ae02c642b94a54b0707546182acb41b2a2367782N.exe

  • Size

    759KB

  • MD5

    7b5e4a417463943030ed84d16bdffc80

  • SHA1

    3e2b57bdd296e786aa1cc7cc134d2156abcbd731

  • SHA256

    a2f302ed3f2ca2dff3be4ca2ae02c642b94a54b0707546182acb41b2a2367782

  • SHA512

    9fca612c056977ac1539359adceaa8aef8350876b27e420d2600b2a8347b52d51819db2bcb8204bf4063cff99017a5faaf86207b2a988fb0bb04101e0bfcc9a5

  • SSDEEP

    12288:qM3iXBPCO36urpV5HODRH0xh9W1gx7K8hiz1v8hvwxUj1ShwONxyibDwd:oqEdTE0X9WSxG8IZv8hI21ShFNxyoM

  Score

  10^/10

  darkcometmusicagoagilenetdiscoverypersistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2