General
-
Target
df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687
-
Size
576KB
-
Sample
241125-fefkravpfm
-
MD5
6385129ecaf875fa5b4a1d0b2a4a4a34
-
SHA1
bc93685b3334d8a007344e7e330dd6550322febd
-
SHA256
df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687
-
SHA512
dab9ffd159b7413630302ae050d5a50b4340075a1d34e005d86373a42b60e09c2ba63197e8d4c1d824b8ccad2a29b41b72e3c30e337918aa0c2fe610f4e609f3
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS5:+NWPkHlUfBgpuPdWzyuDTifgyWlw
Malware Config
Targets
-
-
Target
df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687
-
Size
576KB
-
MD5
6385129ecaf875fa5b4a1d0b2a4a4a34
-
SHA1
bc93685b3334d8a007344e7e330dd6550322febd
-
SHA256
df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687
-
SHA512
dab9ffd159b7413630302ae050d5a50b4340075a1d34e005d86373a42b60e09c2ba63197e8d4c1d824b8ccad2a29b41b72e3c30e337918aa0c2fe610f4e609f3
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS5:+NWPkHlUfBgpuPdWzyuDTifgyWlw
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-