General
-
Target
261ad28bb11516f6557316778cbbf8bd
-
Size
1.4MB
-
Sample
231231-dtyzjaaef9
-
MD5
261ad28bb11516f6557316778cbbf8bd
-
SHA1
6bf3b451ecb45d758706c1c67a4c9f256f1dee29
-
SHA256
4643fd8421eeea214ea49a05937858d1fda72b9b4141861ab1dd52e83949601b
-
SHA512
ddba725d9b3dbcbbf9849eeeabaa516542c0a69fe1bed51fc6708244f93e0c2ec69996780a8a77a9ed5a45aa4b693b52c1f40cade3539b2e0d38d64368897d81
-
SSDEEP
24576:8thUkbMvMKfXX8mG4M5zvl611+Cq9n9tW00iqbXT3PLleQ8i5fDB0AX/aOugguqe:8Qkb2MY3lMw1+CQ9Oi0XTfLlsiF5Cm
Malware Config
Targets
-
-
Target
261ad28bb11516f6557316778cbbf8bd
-
Size
1.4MB
-
MD5
261ad28bb11516f6557316778cbbf8bd
-
SHA1
6bf3b451ecb45d758706c1c67a4c9f256f1dee29
-
SHA256
4643fd8421eeea214ea49a05937858d1fda72b9b4141861ab1dd52e83949601b
-
SHA512
ddba725d9b3dbcbbf9849eeeabaa516542c0a69fe1bed51fc6708244f93e0c2ec69996780a8a77a9ed5a45aa4b693b52c1f40cade3539b2e0d38d64368897d81
-
SSDEEP
24576:8thUkbMvMKfXX8mG4M5zvl611+Cq9n9tW00iqbXT3PLleQ8i5fDB0AX/aOugguqe:8Qkb2MY3lMw1+CQ9Oi0XTfLlsiF5Cm
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-