General
-
Target
193dd932c64c39c8b85065b12602c5aa3b2009e5e1adbe300550f496dca124f2
-
Size
574KB
-
Sample
241015-xyjj7asarh
-
MD5
183ba55db3306c724c1f02057970ed84
-
SHA1
cda7e9633c138201cd6e5fa4ba67d6242f1588a8
-
SHA256
193dd932c64c39c8b85065b12602c5aa3b2009e5e1adbe300550f496dca124f2
-
SHA512
42723813f37558026016091cd19ade13eaa3bc1e389cf7da96327df6671c715bc0298bbcac1164f050ac8b2e8827b3a3fac1ebc52feda13be3336f4a38baa86b
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3HdsubU:zFhWAfn22m0eD1GPz8Hdx4
Malware Config
Targets
-
-
Target
193dd932c64c39c8b85065b12602c5aa3b2009e5e1adbe300550f496dca124f2
-
Size
574KB
-
MD5
183ba55db3306c724c1f02057970ed84
-
SHA1
cda7e9633c138201cd6e5fa4ba67d6242f1588a8
-
SHA256
193dd932c64c39c8b85065b12602c5aa3b2009e5e1adbe300550f496dca124f2
-
SHA512
42723813f37558026016091cd19ade13eaa3bc1e389cf7da96327df6671c715bc0298bbcac1164f050ac8b2e8827b3a3fac1ebc52feda13be3336f4a38baa86b
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3HdsubU:zFhWAfn22m0eD1GPz8Hdx4
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-