General
Target: 0ab99bc90b4d5cfcdd8da560c7daa3768b21b3e63a53136a871155d6681409a8N
Size: 3.9MB
Sample: 241107-1xvgvazalb
MD5: 9ce228d0cd2fc274eef4088019ed31b0
SHA1: 9e48e4941d040597b74863223b880fcb24fc66a2
SHA256: 0ab99bc90b4d5cfcdd8da560c7daa3768b21b3e63a53136a871155d6681409a8
SHA512: 27ec457a308e0f801f823f60bc01206b5abf38971f50a6a97d6cce1a35b771e16acf27a89369449338ab343d48d5c109aa9ff83195228631167a444d40a8f57d
SSDEEP: 98304:IlX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cz:IlX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBz
Static task: static1
Behavioral task: behavioral1
Sample: 0ab99bc90b4d5cfcdd8da560c7daa3768b21b3e63a53136a871155d6681409a8N.exe
Resource: win7-20240903-en
Malware Config
Targets
-
-
Target
0ab99bc90b4d5cfcdd8da560c7daa3768b21b3e63a53136a871155d6681409a8N
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-