General
-
Target
1f4b3b19f6c3ffb00d5da51941d5eb30e1732ee293597b57f5c0f7e764bbf2f4
-
Size
896KB
-
Sample
221127-wtvafsgg34
-
MD5
220eddbbcd6e1460ac7ffee05b35da66
-
SHA1
ada5d416731993ccb84179fc97557a70e02a109c
-
SHA256
1f4b3b19f6c3ffb00d5da51941d5eb30e1732ee293597b57f5c0f7e764bbf2f4
-
SHA512
f97450f17a0312590048d2806e25be4cbf2ac91cb7030630ea4804d17d51715306032bb2be8ad788b3b4d69f082b3e6a93f1168f978ebca6d286b7b89c15816d
-
SSDEEP
12288:h7OqlFH8RY8Dv/kRIUTZwJjY6rZrYAacwgWW4L/TFXjB7lYNNFjc3:LztTRJTG+8UqWWm/hXfYq
Malware Config
Targets
-
-
Target
1f4b3b19f6c3ffb00d5da51941d5eb30e1732ee293597b57f5c0f7e764bbf2f4
-
Size
896KB
-
MD5
220eddbbcd6e1460ac7ffee05b35da66
-
SHA1
ada5d416731993ccb84179fc97557a70e02a109c
-
SHA256
1f4b3b19f6c3ffb00d5da51941d5eb30e1732ee293597b57f5c0f7e764bbf2f4
-
SHA512
f97450f17a0312590048d2806e25be4cbf2ac91cb7030630ea4804d17d51715306032bb2be8ad788b3b4d69f082b3e6a93f1168f978ebca6d286b7b89c15816d
-
SSDEEP
12288:h7OqlFH8RY8Dv/kRIUTZwJjY6rZrYAacwgWW4L/TFXjB7lYNNFjc3:LztTRJTG+8UqWWm/hXfYq
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-