General
-
Target
552ea2b814e9b288e0ac30e421b0e990_NeikiAnalytics.exe
-
Size
576KB
-
Sample
240522-29jrjscg6z
-
MD5
552ea2b814e9b288e0ac30e421b0e990
-
SHA1
05af8bb22349b84805603650532cd28e319f49a2
-
SHA256
1c16388e56c0498c94f30b66f2709691f206d7cbb25420eda7005e9a2b43a844
-
SHA512
5891f0746ef92f87ba517b4fcd7a353e4610ab211b02d20df84921551adf5d9574053cc6d93a28a23dec36b9a18085eeb08090edf1a0b2eca1773bb1a55b62ac
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS6:+NWPkHlUfBgpuPdWzyuDTifgyWlt
Malware Config
Targets
-
-
Target
552ea2b814e9b288e0ac30e421b0e990_NeikiAnalytics.exe
-
Size
576KB
-
MD5
552ea2b814e9b288e0ac30e421b0e990
-
SHA1
05af8bb22349b84805603650532cd28e319f49a2
-
SHA256
1c16388e56c0498c94f30b66f2709691f206d7cbb25420eda7005e9a2b43a844
-
SHA512
5891f0746ef92f87ba517b4fcd7a353e4610ab211b02d20df84921551adf5d9574053cc6d93a28a23dec36b9a18085eeb08090edf1a0b2eca1773bb1a55b62ac
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS6:+NWPkHlUfBgpuPdWzyuDTifgyWlt
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-