General
-
Target
bffa28e7f39ce53d1b1810750b7663faa4d1dc5c1177b72c1a962367edd62cf6
-
Size
728KB
-
Sample
221202-zep9qscb22
-
MD5
c08b5c86a6862dce171417d4784a8e9d
-
SHA1
58c7a720b3fbf7473a9c3fd278ba243545223aea
-
SHA256
bffa28e7f39ce53d1b1810750b7663faa4d1dc5c1177b72c1a962367edd62cf6
-
SHA512
f2cff54c4b2173b64d41053fe231a36eeda6c700c35a26282596b1f4f9c79f46e58be1c3a21b1dbcfb1b8ac1d85d2307ebc6238521b85f9ded64b8a5055cc33c
-
SSDEEP
12288:Ykn1cJbceCA9W+DoGSSPI1YEoaPwJjoAOJq+QeiiGWM6wGAizk/Jq+QeiiGWM6wd:YGqI9A9WLjSPPEoMwJjoAD+QeiiGN8pq
Malware Config
Targets
-
-
Target
bffa28e7f39ce53d1b1810750b7663faa4d1dc5c1177b72c1a962367edd62cf6
-
Size
728KB
-
MD5
c08b5c86a6862dce171417d4784a8e9d
-
SHA1
58c7a720b3fbf7473a9c3fd278ba243545223aea
-
SHA256
bffa28e7f39ce53d1b1810750b7663faa4d1dc5c1177b72c1a962367edd62cf6
-
SHA512
f2cff54c4b2173b64d41053fe231a36eeda6c700c35a26282596b1f4f9c79f46e58be1c3a21b1dbcfb1b8ac1d85d2307ebc6238521b85f9ded64b8a5055cc33c
-
SSDEEP
12288:Ykn1cJbceCA9W+DoGSSPI1YEoaPwJjoAOJq+QeiiGWM6wGAizk/Jq+QeiiGWM6wd:YGqI9A9WLjSPPEoMwJjoAD+QeiiGN8pq
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-