General
-
Target
df7b910bbc8fdb3e6f99037236ac9c84b42c42639ccf9c63939a79b6457b6185N.exe
-
Size
574KB
-
Sample
241113-219xdazpfz
-
MD5
251756e54ff429347fd040aacfada6ed
-
SHA1
d515f92a201466d01e7bc5d05c597888865e3778
-
SHA256
fc6f9d52a9a67fa848a16fbb3ad29c5f1ef81f395ca25a62ffb717950c626167
-
SHA512
22eca0bf22a2b1be9ff7a5415228e5f0259be80e9af6ade1cb08727cb13457bf9089e4fdc1340e519c763419e0f09761ed7de41dc406f25d118082814dd91c47
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3HdsubF:zFhWAfn22m0eD1GPz8Hdxh
Malware Config
Targets
-
-
Target
df7b910bbc8fdb3e6f99037236ac9c84b42c42639ccf9c63939a79b6457b6185N.exe
-
Size
574KB
-
MD5
251756e54ff429347fd040aacfada6ed
-
SHA1
d515f92a201466d01e7bc5d05c597888865e3778
-
SHA256
fc6f9d52a9a67fa848a16fbb3ad29c5f1ef81f395ca25a62ffb717950c626167
-
SHA512
22eca0bf22a2b1be9ff7a5415228e5f0259be80e9af6ade1cb08727cb13457bf9089e4fdc1340e519c763419e0f09761ed7de41dc406f25d118082814dd91c47
-
SSDEEP
12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3HdsubF:zFhWAfn22m0eD1GPz8Hdxh
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-