Extracted

• • Target

    Glitcher.exe

  • Size

    298KB

  • MD5

    76d364977e9ef469509ec532c09c9698

  • SHA1

    40cb6b4f077b82ed90d0171e55fb82f6a0e1e3f8

  • SHA256

    82d744058aa26da7cd978b380ef3788f2cc15f259e1de3dee4cae4ea2d3832d4

  • SHA512

    db42fce0ca1928a8476974e8741ead4b1cc09791f1c9ee158a59076140fec221660eba2a5bee7d44216c31cb2d1152ab9c35c4aa7993474c2c9ca91022ab21d1

  • SSDEEP

    6144:hTVYZrJIDC+pKSXrfoI465QPUnDfFSYO8G+WbkIZ1D/iFPxF:EsCiKuoATXbG+WbHD6F5F

  Score

  10^/10

  darkcometglitchdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2