General
Target: cf98f5f40e09f782cb438b97d91596004cbb6754875ddb78990b89067d5b9b5e
Size: 1.3MB
Sample: 221127-jsglrabb39
MD5: 5af2b36bdf6590fc19fc5b9bc448798c
SHA1: 95d5c284304adffb6612d6f541815d94ae0039eb
SHA256: cf98f5f40e09f782cb438b97d91596004cbb6754875ddb78990b89067d5b9b5e
SHA512: 8220e0f86c1a84f4d4400dbf0401c5115d4419d3fd5883dba2261c34131061fda4d089a369becb858c2038b6327c2fa824112fbfe092874b606994db5e2c8112
SSDEEP: 24576:voaA9jpW49EjGUxyM5S7jhrKdVPGQP17H6/VHWlugkviBFG+bMNtEr0Aoo6:voaw5AZ564/VlaATbxoL
Static task: static1
Behavioral task: behavioral1
Sample: cf98f5f40e09f782cb438b97d91596004cbb6754875ddb78990b89067d5b9b5e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: cf98f5f40e09f782cb438b97d91596004cbb6754875ddb78990b89067d5b9b5e.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: cf98f5f40e09f782cb438b97d91596004cbb6754875ddb78990b89067d5b9b5e
Score: 10/10
- Modifies WinLogon for persistence
  Typically a rewrite of the Shell or Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, so the payload is started at every interactive logon.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments; the strings under HKLM\HARDWARE\DESCRIPTION\System identify VirtualBox, VMware and QEMU unless the sandbox spoofs them.
- Uses the VBS compiler for execution
  vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is a signed Microsoft binary; a sample with no build step launching it is a living-off-the-land indicator.
- Adds Run key to start application
  Check both HKCU and HKLM ...\Microsoft\Windows\CurrentVersion\Run; either hive is enough for persistence.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes. Supported Windows versions ignore autorun.inf on removable media by default, so this mainly affects older or misconfigured hosts.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of another thread; outside debuggers it is rarely legitimate, while injectors use it to point a suspended thread at injected code.
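The three registry signatures above (Winlogon modification, Run key, BIOS reads) and the dropped autorun.inf can be checked from an exported registry hive and the dropped file without rerunning the sample. The script below is an added example and is not part of the sandbox report or the sample's own code: the registry paths are the real Windows locations, but the .reg export and the autorun.inf body are constructed, and every file name and value in them is invented.

```python
"""Triage helper for the persistence and anti-sandbox indicators above.

Added illustration, not part of the sandbox report and not the sample's
code. Parses a .reg export (constructed below) and an autorun.inf body
and flags the artefacts the report's signatures describe. The registry
paths are real Windows locations; every value in the samples is invented.
"""
import configparser

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
# Stock values; anything else in Shell/Userinit runs at every logon.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe",
                     "Userinit": r"c:\windows\system32\userinit.exe,"}
# Substrings that VM-detection code commonly looks for in BIOS strings.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "parallels")


def parse_reg(text):
    """Return {key (lowercased): {value_name: data}} for string values of a .reg export."""
    hives, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            hives.setdefault(current, {})
        elif current and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                # .reg escapes backslash and double quote; undo that.
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            hives[current][name.strip('"')] = data
    return hives


def audit(hives):
    """Return (category, detail) findings for the three registry signatures."""
    findings = []
    winlogon = hives.get(WINLOGON.lower(), {})
    for name, default in WINLOGON_DEFAULTS.items():
        data = winlogon.get(name)
        if data is not None and data.strip().lower() != default:
            findings.append(("winlogon", f"{name}={data}"))
    for key in RUN_KEYS:
        hive = key.split("\\", 1)[0]
        for name, data in hives.get(key.lower(), {}).items():
            findings.append(("run", f"{hive} {name}={data}"))
    for name, data in hives.get(BIOS_KEY.lower(), {}).items():
        if any(marker in data.lower() for marker in VM_MARKERS):
            findings.append(("bios", f"{name}={data}"))
    return findings


def parse_autorun(text):
    """Return the [autorun] directives that launch code (open=, shellexecute=)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("autorun"):
        return {}
    return {k: v for k, v in parser["autorun"].items() if k in ("open", "shellexecute")}


# Constructed .reg export. SystemBiosVersion is REG_MULTI_SZ on a real
# system; it is written as a plain string here for brevity.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\svchost32.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\svchost32.exe"

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"="VBOX   - 1"
"VideoBiosVersion"="Oracle VM VirtualBox BIOS"
"""

# Constructed autorun.inf as a worm would drop it on a removable volume.
SAMPLE_AUTORUN = """[autorun]
open=svchost32.exe
icon=svchost32.exe,0
action=Open folder to view files
"""

if __name__ == "__main__":
    for category, detail in audit(parse_reg(SAMPLE_REG)):
        print(f"[{category}] {detail}")
    for directive, target in parse_autorun(SAMPLE_AUTORUN).items():
        print(f"[autorun] {directive}={target}")
```

Run as-is it reports the embedded samples; on a live box, feed it the output of `reg export` for the three keys and the contents of the dropped autorun.inf. Because Winlogon is compared against the stock defaults rather than a blocklist, any appended executable is caught, and the BIOS check shows what an unspoofed sandbox exposes to the sample.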