General
-
Target
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
-
Size
746KB
-
Sample
201109-b8nzmckars
-
MD5
614176a1e8e22a51c1106403ce3d1423
-
SHA1
482ea2b067d059eef45ee47fdb782a0e24fdab8e
-
SHA256
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
-
SHA512
4db9c64c491c0e9574616596497f7be9e9abece4d3cc68c66d5f91c4b223b88bbe8ea192aa90cedc8c63b7caa9ce44ad00d89394850787b019ce51b1aa93a6f8
Malware Config
Targets
-
-
Target
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
-
Size
746KB
-
MD5
614176a1e8e22a51c1106403ce3d1423
-
SHA1
482ea2b067d059eef45ee47fdb782a0e24fdab8e
-
SHA256
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
-
SHA512
4db9c64c491c0e9574616596497f7be9e9abece4d3cc68c66d5f91c4b223b88bbe8ea192aa90cedc8c63b7caa9ce44ad00d89394850787b019ce51b1aa93a6f8
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-