General
-
Target
fc2c20c422ed7aa47242a52104c1f32d67dee86fc7bd1e0823265ec66bae6879.exe
-
Size
3.9MB
-
Sample
241125-bhhr3azlfv
-
MD5
6da5d1f6b01359958cee97bd0c62cf4d
-
SHA1
ce1b528e13184e29723d1a97f3ce25f14f1faff8
-
SHA256
fc2c20c422ed7aa47242a52104c1f32d67dee86fc7bd1e0823265ec66bae6879
-
SHA512
7a4fcfb855c7c3d0335e33a4e5303ddc734f2c824229407d216003cbe64c93f59ba1e78569ef8b6d533a3f799c0443427e8d02c3ec35420f547a033d41c34803
-
SSDEEP
98304:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cp:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBp
Behavioral task
behavioral1
Sample
fc2c20c422ed7aa47242a52104c1f32d67dee86fc7bd1e0823265ec66bae6879.exe
Resource
win7-20241010-en
Malware Config
Targets
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-