General
-
Target
bfa21515e932d430a1c7415d5f6554a499075f2f40f913de56d918eff6693057
-
Size
284KB
-
Sample
210515-em1jrt8hme
-
MD5
90a641405523f561b9dbf3c27304d22f
-
SHA1
b72390e962498c5256ee22f1392d73f47d198829
-
SHA256
bfa21515e932d430a1c7415d5f6554a499075f2f40f913de56d918eff6693057
-
SHA512
f799f4438ddefe3d48f815d53935d24e81bfa56a0c130236b8387de68dcd07344d227461ad64a3a0ac7dd28917bfc7795755e88231bbc996b61bd4a9a36ab8a7
Malware Config
Targets
-
-
Target
bfa21515e932d430a1c7415d5f6554a499075f2f40f913de56d918eff6693057
-
Size
284KB
-
MD5
90a641405523f561b9dbf3c27304d22f
-
SHA1
b72390e962498c5256ee22f1392d73f47d198829
-
SHA256
bfa21515e932d430a1c7415d5f6554a499075f2f40f913de56d918eff6693057
-
SHA512
f799f4438ddefe3d48f815d53935d24e81bfa56a0c130236b8387de68dcd07344d227461ad64a3a0ac7dd28917bfc7795755e88231bbc996b61bd4a9a36ab8a7
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-