Extracted

• • Target

    670b4d88c1338b43deefa0ea8a43c01b34428f2116b114ef4730ae751356da66

  • Size

    520KB

  • MD5

    63353c063c4943c1def96374f9188e7e

  • SHA1

    2bf2ace84b557953bbf29cddfa4a94bd4fb965c9

  • SHA256

    670b4d88c1338b43deefa0ea8a43c01b34428f2116b114ef4730ae751356da66

  • SHA512

    69ed8cc7aeca24a974a76b7c07a8f7295a8ccf4b2f7c752f1925f30f7e12201a623ea2b4753a4f8384d1ae15ee2c99ba1abc59576f784bd6fbe37f502aad16af

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMb9:f9fC3hh29Ya77A90aFtDfT5IMb9

  Score

  10^/10

  darkcometprivateeyediscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2