General
-
Target
bfef082320559626427dc5f25be803c912e154e01705d163595877695210fcae
-
Size
788KB
-
Sample
221203-gqfwbsaf62
-
MD5
80ef70dc4d72c8e9b52410ee7338c9ae
-
SHA1
8679b445bfee7382a7ea7ec70331077ecea9d94b
-
SHA256
bfef082320559626427dc5f25be803c912e154e01705d163595877695210fcae
-
SHA512
03488e16a34d6439c5dcde8726a2359ee9a997295c1bf3dff3a8734238272688a2bf749e03cf72d09d15139e81fbf418673a00fb24b2b4b09514f4e6eece0977
-
SSDEEP
12288:s0vdICiZcqd87ONMZ+UWAAFSPiOob2pLLCMjOoUS+uMqiK0NE8/b:xCcIJXUpPiOA2xLCMjuHueKAb
Malware Config
Targets
-
-
Target
bfef082320559626427dc5f25be803c912e154e01705d163595877695210fcae
-
Size
788KB
-
MD5
80ef70dc4d72c8e9b52410ee7338c9ae
-
SHA1
8679b445bfee7382a7ea7ec70331077ecea9d94b
-
SHA256
bfef082320559626427dc5f25be803c912e154e01705d163595877695210fcae
-
SHA512
03488e16a34d6439c5dcde8726a2359ee9a997295c1bf3dff3a8734238272688a2bf749e03cf72d09d15139e81fbf418673a00fb24b2b4b09514f4e6eece0977
-
SSDEEP
12288:s0vdICiZcqd87ONMZ+UWAAFSPiOob2pLLCMjOoUS+uMqiK0NE8/b:xCcIJXUpPiOA2xLCMjuHueKAb
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-