General
-
Target
98755eadea7bd0b44fc437ec5bb15f3aaedcf5cb3265e59e579c23dd29086958
-
Size
266KB
-
Sample
201109-gjd5xns8lj
-
MD5
607f3249f01bcb2406e81c2cce900f73
-
SHA1
ee08e9662d34fa613e43ef7d9c81b393377abded
-
SHA256
98755eadea7bd0b44fc437ec5bb15f3aaedcf5cb3265e59e579c23dd29086958
-
SHA512
f46ce677320f2de9b0fce39733484485c14274d3a6e391e68a23ce3aa2273d1bd2871f028293b69ce4319afed73efa251d26483ad5522066624fca75208fca0d
Malware Config
Targets
-
-
Target
98755eadea7bd0b44fc437ec5bb15f3aaedcf5cb3265e59e579c23dd29086958
-
Size
266KB
-
MD5
607f3249f01bcb2406e81c2cce900f73
-
SHA1
ee08e9662d34fa613e43ef7d9c81b393377abded
-
SHA256
98755eadea7bd0b44fc437ec5bb15f3aaedcf5cb3265e59e579c23dd29086958
-
SHA512
f46ce677320f2de9b0fce39733484485c14274d3a6e391e68a23ce3aa2273d1bd2871f028293b69ce4319afed73efa251d26483ad5522066624fca75208fca0d
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-