General

Target: 329e48e27fc8d57914146ed9d116ccc583fb4b7ba7d47e33ef09051145f5f988N
Size: 574KB
Sample: 241110-ffh29ssren
MD5: fe01f79aa8cc5c6a8cd400f9db0f50a0
SHA1: 668a2905ce1eca106c44eff958a296ebb16a5056
SHA256: 329e48e27fc8d57914146ed9d116ccc583fb4b7ba7d47e33ef09051145f5f988
SHA512: cd12879bbac91cc8eb81a5ede01fa73fc4e106023cf62905a535f19b3dabcda253052dea6f2e2beb90b8a63f3b6d75688e27bd59c33d3f533b3318aaa799f9c6
SSDEEP: 12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3Hdsuby:zFhWAfn22m0eD1GPz8HdxG
Static task: static1
Behavioral task: behavioral1
Sample: 329e48e27fc8d57914146ed9d116ccc583fb4b7ba7d47e33ef09051145f5f988N.exe
Resource: win7-20241023-en
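Before working from a report like this, confirm that the file on your disk is the one that was analysed. The helper below is an added example (not the sandbox's own code): it parses the report's key/value layout (either "Key: value" on one line, or a key and its value on consecutive lines separated by "-" bullets) and compares the listed hashes and rounded size against a local copy. REPORT is constructed from the values on this page; the bytes used in the self-check are made up, so it runs without the sample. SSDEEP needs the external ssdeep module and is left for manual comparison.

```python
"""Parse the report's key/value block and check a local copy of the sample
against the hashes it lists.  Added example (not the sandbox's own code);
REPORT below is constructed from the values on this page, and the bytes
used in the self-check are made up, so it runs without the sample."""
import hashlib

FIELDS = ("Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")

# Constructed from the hash block on this page (SHA512/SSDEEP omitted for brevity).
REPORT = """\
Target
329e48e27fc8d57914146ed9d116ccc583fb4b7ba7d47e33ef09051145f5f988N
-
Size
574KB
-
MD5
fe01f79aa8cc5c6a8cd400f9db0f50a0
-
SHA1
668a2905ce1eca106c44eff958a296ebb16a5056
-
SHA256
329e48e27fc8d57914146ed9d116ccc583fb4b7ba7d47e33ef09051145f5f988
"""


def parse_report(text):
    """Accept either 'Key: value' lines or a key and its value on
    consecutive lines (separated by '-' bullets); return {key: value}."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    out = {}
    i = 0
    while i < len(lines):
        key, sep, rest = lines[i].partition(": ")
        if sep and key in FIELDS:
            out[key] = rest.strip()
            i += 1
        elif lines[i] in FIELDS and i + 1 < len(lines):
            out[lines[i]] = lines[i + 1]
            i += 2
        else:
            i += 1
    return out


def compute_hashes(data):
    """Digests hashlib can produce; SSDEEP needs the external ssdeep module
    and is left for manual comparison."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data, report):
    """Return {field: (reported, actual)} for every reported value that does
    not match `data`; an empty dict means the file is the one analysed."""
    mismatches = {}
    for field, actual in compute_hashes(data).items():
        reported = report.get(field)
        if reported is not None and reported.lower() != actual:
            mismatches[field] = (reported, actual)
    size = report.get("Size", "")
    if size.upper().endswith("KB"):
        kb = int(size[:-2])
        # The report rounds to whole KB and may mean 1000 or 1024 bytes, so
        # only flag sizes outside one KB either side of both readings.
        if not (kb - 1) * 1000 <= len(data) <= (kb + 1) * 1024:
            mismatches["Size"] = (size, f"{len(data)} bytes")
    return mismatches


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else b"not the real sample"
    for field, (want, got) in verify_sample(data, parse_report(REPORT)).items():
        print(f"{field}: reported {want}, got {got}")
```

Run it with the sample path as the only argument; any line of output means the file on disk is not the one this report describes and the behaviours below should not be assumed to apply to it.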
Malware Config
Targets
- Darkcomet family (the DarkComet RAT)
- Checks BIOS information in registry: BIOS details are commonly read from the registry to detect virtualised or sandboxed environments.
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence.
- Executes dropped EXE: runs an executable it wrote to disk.
- Loads dropped DLL: loads a library it wrote to disk.
- Adds Run key to start application: persistence through a CurrentVersion\Run autostart entry.
- Suspicious use of SetThreadContext: rewrites the context of a thread in another process, the step typically used to redirect a suspended process into injected code.
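To turn the behaviours above into something checkable on your own telemetry, the following added example (not the sandbox's rule set) correlates a simplified process/registry event trace and reports which of the listed behaviours it exhibits. The trace format and SAMPLE_TRACE are constructed; the registry paths for the BIOS and location checks are the locations at which these behaviours are commonly observed and are assumed here, not taken from the sandbox's signature definitions. The dropped-file and SetThreadContext rules are stateful: a file only counts as "dropped" once a traced process has written it, and SetThreadContext only counts when the target thread belongs to a different process.

```python
"""Correlate a process/registry event trace with the behaviours the report
lists.  Added example, not the sandbox's rule set: the trace format and
SAMPLE_TRACE are constructed, and the registry paths are assumed locations
for these behaviours rather than the sandbox's own signature text."""
import re

# Assumed registry values read to fingerprint the host/sandbox.
BIOS_VALUES = {
    r"hklm\hardware\description\system\systembiosversion",
    r"hklm\hardware\description\system\systembiosdate",
    r"hklm\hardware\description\system\videobiosversion",
}
# Assumed value read for geofencing (the configured country code).
GEO_VALUE = r"hkcu\control panel\international\geo\nation"
# Autostart locations: a value written beneath these is Run-key persistence.
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

# Trace line: <time> <pid> <operation> <argument...>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<arg>.+)$")

SAMPLE_TRACE = r"""
# constructed trace of a dropper (pid 1200) and its payload (pid 1344)
10:00:01.000 1200 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
10:00:01.010 1200 RegQueryValue HKCU\Control Panel\International\Geo\Nation
10:00:01.200 1200 FileWrite C:\Users\user\AppData\Roaming\svchelper\update.exe
10:00:01.210 1200 FileWrite C:\Users\user\AppData\Roaming\svchelper\helper.dll
10:00:01.300 1200 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UpdateSvc
10:00:01.400 1200 ProcessCreate C:\Users\user\AppData\Roaming\svchelper\update.exe
10:00:01.500 1344 ImageLoad C:\Users\user\AppData\Roaming\svchelper\helper.dll
10:00:01.600 1344 ProcessCreate C:\Windows\System32\notepad.exe
10:00:01.700 1344 SetThreadContext target_pid=1500
"""


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    return {"ts": m["ts"], "pid": int(m["pid"]), "op": m["op"], "arg": m["arg"]}


def match_signatures(lines):
    """Return the set of report behaviours the trace exhibits."""
    sigs = set()
    dropped = set()  # lower-cased paths written by any traced process
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        ev = parse_line(raw)
        op, arg, low = ev["op"], ev["arg"], ev["arg"].lower()
        if op == "RegQueryValue":
            if low in BIOS_VALUES:
                sigs.add("Checks BIOS information in registry")
            elif low == GEO_VALUE:
                sigs.add("Checks computer location settings")
        elif op == "RegSetValue" and RUN_KEY_RE.search(arg):
            sigs.add("Adds Run key to start application")
        elif op == "FileWrite":
            dropped.add(low)
        elif op == "ProcessCreate" and low in dropped:
            sigs.add("Executes dropped EXE")
        elif op == "ImageLoad" and low in dropped:
            sigs.add("Loads dropped DLL")
        elif op == "SetThreadContext":
            # Only interesting when the thread belongs to another process,
            # the pattern used to redirect a hollowed/injected process.
            target = int(arg.partition("=")[2])
            if target != ev["pid"]:
                sigs.add("Suspicious use of SetThreadContext")
    return sigs


if __name__ == "__main__":
    for sig in sorted(match_signatures(SAMPLE_TRACE.splitlines())):
        print(sig)
```

Feeding it the constructed trace yields all six behaviours; a process that calls SetThreadContext on its own thread, or runs an executable it did not write, produces nothing, which is the distinction that keeps these rules from firing on ordinary installers.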