General
-
Target
bb88ff1c8a9fedda601ee817f7baf597f39f725322320fe6c39805e1a51ac6af
-
Size
331KB
-
Sample
221129-nqp8bsef24
-
MD5
eb2cc33b05f167b62155d3afdd33bca2
-
SHA1
884068cd29cc9ff4d8a1a1d898f5a868d547c334
-
SHA256
bb88ff1c8a9fedda601ee817f7baf597f39f725322320fe6c39805e1a51ac6af
-
SHA512
9cc8623fcf7fc335e38b04f5aa84575f2467c0a5f0f731d1f17cca78fb6bca7d520affc3c0fe84e24610f80d13c1ed4a92201c5a305da89d60aebb088282d096
-
SSDEEP
6144:SM41YTICjnbHv1eNJa0rr7DxodlqFYZwfjJVYv0yGKb52Wf:SKjLv03aYDxodluYZw7JV+2Wf
Malware Config
Targets
-
-
Target
bb88ff1c8a9fedda601ee817f7baf597f39f725322320fe6c39805e1a51ac6af
-
Size
331KB
-
MD5
eb2cc33b05f167b62155d3afdd33bca2
-
SHA1
884068cd29cc9ff4d8a1a1d898f5a868d547c334
-
SHA256
bb88ff1c8a9fedda601ee817f7baf597f39f725322320fe6c39805e1a51ac6af
-
SHA512
9cc8623fcf7fc335e38b04f5aa84575f2467c0a5f0f731d1f17cca78fb6bca7d520affc3c0fe84e24610f80d13c1ed4a92201c5a305da89d60aebb088282d096
-
SSDEEP
6144:SM41YTICjnbHv1eNJa0rr7DxodlqFYZwfjJVYv0yGKb52Wf:SKjLv03aYDxodluYZw7JV+2Wf
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-