General
-
Target
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
Size
283KB
-
Sample
201106-4f6gbsv4ax
-
MD5
a96bbe28f01b35c25f6dfa60e8f01c82
-
SHA1
6edcde73a83ab3b839f828791f214bd4e1bba077
-
SHA256
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
SHA512
04f69746c86634e14aeab3a4c128d966988bda87d87243e0013dc452be403f89ae4f720c03a2dd04229070322a20f533342305801e0e94cfac779a208efc8780
Malware Config
Targets
-
-
Target
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
Size
283KB
-
MD5
a96bbe28f01b35c25f6dfa60e8f01c82
-
SHA1
6edcde73a83ab3b839f828791f214bd4e1bba077
-
SHA256
add85eece3a0a1d773d43a3e401ae5d7d9db2df82e2e28acb96de6771710122c
-
SHA512
04f69746c86634e14aeab3a4c128d966988bda87d87243e0013dc452be403f89ae4f720c03a2dd04229070322a20f533342305801e0e94cfac779a208efc8780
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-