General
-
Target
9b89fb51be345ff9564807566ff45444
-
Size
252KB
-
Sample
201117-qwrnvcz3dj
-
MD5
1ae87b63858a496bd9473e57fb4d8f31
-
SHA1
30593034cc80261649a334cde198d6c2dc3a866c
-
SHA256
113936749f6b08da52458f7536043df7dc3da181b084db8240d441ddc3d7c02d
-
SHA512
d02eb94c60c5361138942a2af0758c8b97e72fa898f31fbb75f4055cfb2eac6a5549407b57155b8c3ee2250b64e1849f662620f2a9d69a0da6057ca440bbe37c
Malware Config
Targets
-
-
Target
9b89fb51be345ff9564807566ff45444
-
Size
252KB
-
MD5
1ae87b63858a496bd9473e57fb4d8f31
-
SHA1
30593034cc80261649a334cde198d6c2dc3a866c
-
SHA256
113936749f6b08da52458f7536043df7dc3da181b084db8240d441ddc3d7c02d
-
SHA512
d02eb94c60c5361138942a2af0758c8b97e72fa898f31fbb75f4055cfb2eac6a5549407b57155b8c3ee2250b64e1849f662620f2a9d69a0da6057ca440bbe37c
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-