General
-
Target
93fddc0c9455e00ab778d32783286de472112cd7e7eeea3ed807dab6a6b06ac1N.exe
-
Size
3.8MB
-
Sample
241118-rjysnsydnl
-
MD5
3c37f7cc15bbb4a34c18f4b4845164b0
-
SHA1
8e8ffe5af15853a72989ec9ca095ac54338ebe8a
-
SHA256
93fddc0c9455e00ab778d32783286de472112cd7e7eeea3ed807dab6a6b06ac1
-
SHA512
6944821efe4eea5e5628c7a99cf9fe02f4159a975766649c534dd8438be818eb2fc09bc2015678dcfea8aaa6b684c29b6fb1b3146271a3ea5fa17cd210987b3f
-
SSDEEP
98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qx:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiD
Behavioral task
behavioral1
Sample
93fddc0c9455e00ab778d32783286de472112cd7e7eeea3ed807dab6a6b06ac1N.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
93fddc0c9455e00ab778d32783286de472112cd7e7eeea3ed807dab6a6b06ac1N.exe
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-