General
-
Target
6ac288d897fa48a3d4c2ed1f6f3b578fffdfddb6ac0898d14d07da2e8bfd8eb8.exe
-
Size
574KB
-
Sample
241112-jqcvsayanp
-
MD5
f928c579be4ffb7559d9472e595961cb
-
SHA1
1f3cf4b663345beb69ed0da45995fc188ac23581
-
SHA256
6ac288d897fa48a3d4c2ed1f6f3b578fffdfddb6ac0898d14d07da2e8bfd8eb8
-
SHA512
33c2100de36e8fe25d8a72c27dc32c69e1639db05dcfe5980959e2089f9d3861d57e67fa81b0f4e11e278066b487c4bfa14a6c95793fbea4d0afbb093b7bbacf
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3Hdsub2:zFhWAfn22m0eD1GPz8Hdxi
Malware Config
Targets
-
-
Target
6ac288d897fa48a3d4c2ed1f6f3b578fffdfddb6ac0898d14d07da2e8bfd8eb8.exe
-
Size
574KB
-
MD5
f928c579be4ffb7559d9472e595961cb
-
SHA1
1f3cf4b663345beb69ed0da45995fc188ac23581
-
SHA256
6ac288d897fa48a3d4c2ed1f6f3b578fffdfddb6ac0898d14d07da2e8bfd8eb8
-
SHA512
33c2100de36e8fe25d8a72c27dc32c69e1639db05dcfe5980959e2089f9d3861d57e67fa81b0f4e11e278066b487c4bfa14a6c95793fbea4d0afbb093b7bbacf
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3Hdsub2:zFhWAfn22m0eD1GPz8Hdxi
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-