General
-
Target
309a5f9f926b2fa365a94cbf98214566
-
Size
559KB
-
Sample
201117-tmr1rgh8ne
-
MD5
e4e5a0ee373f5b6085efdb3f2a5f0071
-
SHA1
85e6daa5792408d4cb4f23767436759f03b683ac
-
SHA256
fec8c19e1915a8d64f709db2021902713998b20826dda3128a8dd2a414dd7172
-
SHA512
549bb1c0256b45cf5c7342e915bfd6c5adc1c4ff9d27e13756e5468edbcd2dbf07fbd9ec712ac757c0226d41d2b57ff159968368e18d66485fc74568d0e67658
Malware Config
Targets
-
-
Target
309a5f9f926b2fa365a94cbf98214566
-
Size
559KB
-
MD5
e4e5a0ee373f5b6085efdb3f2a5f0071
-
SHA1
85e6daa5792408d4cb4f23767436759f03b683ac
-
SHA256
fec8c19e1915a8d64f709db2021902713998b20826dda3128a8dd2a414dd7172
-
SHA512
549bb1c0256b45cf5c7342e915bfd6c5adc1c4ff9d27e13756e5468edbcd2dbf07fbd9ec712ac757c0226d41d2b57ff159968368e18d66485fc74568d0e67658
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-