General
-
Target
6167b0aec21cfb29c5848b6ad076163d5f587a8b46699cf6fcba3ead014d3311
-
Size
382KB
-
Sample
221128-gtx9safd3t
-
MD5
1ebf9166d9b0e6bc0415f665f7fcd626
-
SHA1
dd172a3834de7cf3af5d19500559996d3b0ace49
-
SHA256
6167b0aec21cfb29c5848b6ad076163d5f587a8b46699cf6fcba3ead014d3311
-
SHA512
86daa80e18ff3d7a3785f6f89f97c2c664ca32ac4f4a373a3bd311f7cb4b1f0c7ce4312590756cea3db998881a6a78b3147f1ecb78a5cb02bb9836a67380f433
-
SSDEEP
6144:8lb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFXm6d/p:80Siiu2cOMayaZerXXmhFXmyh
Malware Config
Targets
-
-
Target
6167b0aec21cfb29c5848b6ad076163d5f587a8b46699cf6fcba3ead014d3311
-
Size
382KB
-
MD5
1ebf9166d9b0e6bc0415f665f7fcd626
-
SHA1
dd172a3834de7cf3af5d19500559996d3b0ace49
-
SHA256
6167b0aec21cfb29c5848b6ad076163d5f587a8b46699cf6fcba3ead014d3311
-
SHA512
86daa80e18ff3d7a3785f6f89f97c2c664ca32ac4f4a373a3bd311f7cb4b1f0c7ce4312590756cea3db998881a6a78b3147f1ecb78a5cb02bb9836a67380f433
-
SSDEEP
6144:8lb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFXm6d/p:80Siiu2cOMayaZerXXmhFXmyh
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-