General
Target: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e
Size: 936KB
Sample: 221129-ss86faef4w
MD5: e2897ef6da452da4b7276443f4a5bb3f
SHA1: 556aee59e0e1db6a4ad7f5a3cc611ecf10b119d7
SHA256: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e
SHA512: 150f5d44ea841e1fc53df850a727585e12d75bd9925e5e7dd71532bfd7b446a02103e8ff689180b1dc72401d1bde9ebd55774d0f423f13bc1c348feaee8fc1dd
SSDEEP: 24576:ldCf5l+hpoq2iHU/0PdIT0TmsIoiQTqxHfcL9rE7CAjvM:3Cf5l+hpoq2iO0lITcILk8cL947C
Static task: static1
Behavioral task: behavioral1
  Sample: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e
Size: 936KB
MD5: e2897ef6da452da4b7276443f4a5bb3f
SHA1: 556aee59e0e1db6a4ad7f5a3cc611ecf10b119d7
SHA256: 237ffbd71f9fa5afe7de6b6801502614cc37c07797e01c2053bfafe9cffc895e
SHA512: 150f5d44ea841e1fc53df850a727585e12d75bd9925e5e7dd71532bfd7b446a02103e8ff689180b1dc72401d1bde9ebd55774d0f423f13bc1c348feaee8fc1dd
SSDEEP: 24576:ldCf5l+hpoq2iHU/0PdIT0TmsIoiQTqxHfcL9rE7CAjvM:3Cf5l+hpoq2iO0lITcILk8cL947C
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext