General
-
Target
c9d91546010853d95c97be16c7e47ba5ee793507c85dbc9cc41c35ba33bfaa27
-
Size
3.9MB
-
Sample
241126-ehwwgazmak
-
MD5
94cea3d6b257e9c72096af0b61fa9679
-
SHA1
cd462c07fec074282d710469fa83c1f95c807f1c
-
SHA256
c9d91546010853d95c97be16c7e47ba5ee793507c85dbc9cc41c35ba33bfaa27
-
SHA512
2e9158667b0bd29a128589baa4660b9c8ea02fe7f6250f307ee3c10e6e86115c3a9730f650a55debb074cd83c92549b5065db3c5fb3e9cafeae09f360c085f87
-
SSDEEP
98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cw:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBw
Malware Config
Targets
-
-
Target
c9d91546010853d95c97be16c7e47ba5ee793507c85dbc9cc41c35ba33bfaa27
-
Size
3.9MB
-
MD5
94cea3d6b257e9c72096af0b61fa9679
-
SHA1
cd462c07fec074282d710469fa83c1f95c807f1c
-
SHA256
c9d91546010853d95c97be16c7e47ba5ee793507c85dbc9cc41c35ba33bfaa27
-
SHA512
2e9158667b0bd29a128589baa4660b9c8ea02fe7f6250f307ee3c10e6e86115c3a9730f650a55debb074cd83c92549b5065db3c5fb3e9cafeae09f360c085f87
-
SSDEEP
98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cw:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBw
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-