Extracted

• • Target

    f415979502c9fe1c601453e67730aa49dc0be75d32139141302ac8cb9ec94841

  • Size

    576KB

  • MD5

    a0b365180c978d2433188fc14a39c991

  • SHA1

    a650ba6d0589a10f77994be1e4860ffc2090ae91

  • SHA256

    f415979502c9fe1c601453e67730aa49dc0be75d32139141302ac8cb9ec94841

  • SHA512

    a4a0f2e780e3043f651fb5f49c4894b83d9067ead53d642436b40e47c91bd2ff4db3fa65434db117ac8f6ed2df8dfc5ccac3699787ac0085b7a5f09ec38cc53e

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSg:+NWPkHlUfBgpuPdWzyuDTifgyWl/

  Score

  10^/10

  darkcomettoaksbitchdiscoverypersistencerattrojanupx

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2