General
-
Target
23c11251927fa2a1985305a1a1e9d9594023888ac962d55cc739b111ab8148ca
-
Size
647KB
-
Sample
221020-bharfsgac3
-
MD5
82d7fb6f8eac4e9de4b56956763f3e20
-
SHA1
bcae4eb9f4d54b10935a943a0d2edf404a1f062e
-
SHA256
23c11251927fa2a1985305a1a1e9d9594023888ac962d55cc739b111ab8148ca
-
SHA512
0c413294befd737df17712aa66e441b478cf4b96629ac267d3dd2c4ffce567abcc86f09992e3eeda13fb554af27a73e1063a6c67215341675efd2d45308583bd
-
SSDEEP
12288:Q8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixD:JUKoN0bUxgGa/pfBHDb+y1HgZZ
Malware Config
Targets
-
-
Target
23c11251927fa2a1985305a1a1e9d9594023888ac962d55cc739b111ab8148ca
-
Size
647KB
-
MD5
82d7fb6f8eac4e9de4b56956763f3e20
-
SHA1
bcae4eb9f4d54b10935a943a0d2edf404a1f062e
-
SHA256
23c11251927fa2a1985305a1a1e9d9594023888ac962d55cc739b111ab8148ca
-
SHA512
0c413294befd737df17712aa66e441b478cf4b96629ac267d3dd2c4ffce567abcc86f09992e3eeda13fb554af27a73e1063a6c67215341675efd2d45308583bd
-
SSDEEP
12288:Q8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixD:JUKoN0bUxgGa/pfBHDb+y1HgZZ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Modifies security service
-
Windows security bypass
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-