General
-
Target
0ce255ff615580522fb9530352f0ecb101ae6192c09a042026801dc11a219a99
-
Size
1.7MB
-
Sample
221126-p5g1yadh54
-
MD5
c153e9b64b8bf151054c7fe36d74b188
-
SHA1
8d5105e4984e229c9abaaa83451c84d73f32c78a
-
SHA256
0ce255ff615580522fb9530352f0ecb101ae6192c09a042026801dc11a219a99
-
SHA512
2f2245c764cdc05d2cbdb51ad60a7b642b1071f569fafe79b7c37f534276fd9a3982395dc5658876c8a23ce54287bec9275d255a108de34b4ab9628d4b7d5fc8
-
SSDEEP
24576:bUX29rltyl8zqDeLU+YLeO7HxCbQuHouKeMzzlkj1KNT9XAa1Efll7y4LE8oS1/d:bUXoatERYTETO/lia1i+Hq4CFH
Malware Config
Targets
-
-
Target
0ce255ff615580522fb9530352f0ecb101ae6192c09a042026801dc11a219a99
-
Size
1.7MB
-
MD5
c153e9b64b8bf151054c7fe36d74b188
-
SHA1
8d5105e4984e229c9abaaa83451c84d73f32c78a
-
SHA256
0ce255ff615580522fb9530352f0ecb101ae6192c09a042026801dc11a219a99
-
SHA512
2f2245c764cdc05d2cbdb51ad60a7b642b1071f569fafe79b7c37f534276fd9a3982395dc5658876c8a23ce54287bec9275d255a108de34b4ab9628d4b7d5fc8
-
SSDEEP
24576:bUX29rltyl8zqDeLU+YLeO7HxCbQuHouKeMzzlkj1KNT9XAa1Efll7y4LE8oS1/d:bUXoatERYTETO/lia1i+Hq4CFH
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-