General
-
Target
a69effb9cb8cb766f84043fe5b8417d223a46e3ec3f3e02152f844f7774cf51d
-
Size
848KB
-
Sample
221130-3wh4jaff83
-
MD5
5ff6c4af76faf74394c79161579e8a4f
-
SHA1
c36bca787b4629814a34d116b7c3ca5262fc4cfc
-
SHA256
a69effb9cb8cb766f84043fe5b8417d223a46e3ec3f3e02152f844f7774cf51d
-
SHA512
d15f6aeb2c2ac911a1c50356a8db5960d299b440bbf2e059a7ee5cfc4d3efc8c121ccc7fe737434ad04ef76f64000e77ca7fdc34b0193a2ad103b735e9ccf6d3
-
SSDEEP
12288:ivBIQKCR4KeHs+1M2R2D3wOLDvBQhA0UWgyjh/jWydrkaYEYhl97bjHk8OtAut01:rQKCR9uMVZBr0UWdwAYF7Ei1
Malware Config
Targets
-
-
Target
a69effb9cb8cb766f84043fe5b8417d223a46e3ec3f3e02152f844f7774cf51d
-
Size
848KB
-
MD5
5ff6c4af76faf74394c79161579e8a4f
-
SHA1
c36bca787b4629814a34d116b7c3ca5262fc4cfc
-
SHA256
a69effb9cb8cb766f84043fe5b8417d223a46e3ec3f3e02152f844f7774cf51d
-
SHA512
d15f6aeb2c2ac911a1c50356a8db5960d299b440bbf2e059a7ee5cfc4d3efc8c121ccc7fe737434ad04ef76f64000e77ca7fdc34b0193a2ad103b735e9ccf6d3
-
SSDEEP
12288:ivBIQKCR4KeHs+1M2R2D3wOLDvBQhA0UWgyjh/jWydrkaYEYhl97bjHk8OtAut01:rQKCR9uMVZBr0UWdwAYF7Ei1
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-