General
-
Target
8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9
-
Size
520KB
-
Sample
210923-j7bdaaddb9
-
MD5
d683b4b96582e58a06ddc15284ea35c8
-
SHA1
2a9902159d8dabec02f9ee13e791fa298290fc81
-
SHA256
8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9
-
SHA512
a56674362d15ed66335b0a54449a658503a4346e58a066197c5665ab48da952b3c8bd3dc49cd0dee30b04208e7f97085ae74e332499f307700353de298331a19
Malware Config
Targets
-
-
Target
8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9
-
Size
520KB
-
MD5
d683b4b96582e58a06ddc15284ea35c8
-
SHA1
2a9902159d8dabec02f9ee13e791fa298290fc81
-
SHA256
8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9
-
SHA512
a56674362d15ed66335b0a54449a658503a4346e58a066197c5665ab48da952b3c8bd3dc49cd0dee30b04208e7f97085ae74e332499f307700353de298331a19
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-