General
-
Target
aad35a5504c45513c4dd2488a13848d3ddbad34e0ebca7dbce4949d4b17651a2
-
Size
349KB
-
Sample
201115-c563kapld2
-
MD5
3bc048af20476d5a8c440a33bd2eb9a0
-
SHA1
bcd51807e3ac07837ecdc024d0b13e828249c424
-
SHA256
aad35a5504c45513c4dd2488a13848d3ddbad34e0ebca7dbce4949d4b17651a2
-
SHA512
e7d2a491626ea66066c475d25196ac2ca99a28d036e1e8be71780b6b40b31a67985fd3d723950c4cf94a880f6cc2639a0ac727bc92717701df0b82da874b2cd1
Malware Config
Targets
-
-
Target
aad35a5504c45513c4dd2488a13848d3ddbad34e0ebca7dbce4949d4b17651a2
-
Size
349KB
-
MD5
3bc048af20476d5a8c440a33bd2eb9a0
-
SHA1
bcd51807e3ac07837ecdc024d0b13e828249c424
-
SHA256
aad35a5504c45513c4dd2488a13848d3ddbad34e0ebca7dbce4949d4b17651a2
-
SHA512
e7d2a491626ea66066c475d25196ac2ca99a28d036e1e8be71780b6b40b31a67985fd3d723950c4cf94a880f6cc2639a0ac727bc92717701df0b82da874b2cd1
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-