General
-
Target
c1071ac1cc994161cf0bfec7f102fff5c59750f8512e2686616cf44f12b0f0f6N.exe
-
Size
576KB
-
Sample
241222-pj5vwaykbr
-
MD5
bf0b3ee63448556b8c1531faf0d2a260
-
SHA1
a72bc08f9cb39c2e033ea74204c7a02228e1a415
-
SHA256
c1071ac1cc994161cf0bfec7f102fff5c59750f8512e2686616cf44f12b0f0f6
-
SHA512
0ce1a781a80ce2ffdab1d4691b930fa463d9787091425c739f09e5f058c9b8b2973447cb2d3b18448d481afeb761ed0fa720bbd0e50b288dfb02567ab59d6206
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS8:+NWPkHlUfBgpuPdWzyuDTifgyWlt
Malware Config
Targets
-
-
Target
c1071ac1cc994161cf0bfec7f102fff5c59750f8512e2686616cf44f12b0f0f6N.exe
-
Size
576KB
-
MD5
bf0b3ee63448556b8c1531faf0d2a260
-
SHA1
a72bc08f9cb39c2e033ea74204c7a02228e1a415
-
SHA256
c1071ac1cc994161cf0bfec7f102fff5c59750f8512e2686616cf44f12b0f0f6
-
SHA512
0ce1a781a80ce2ffdab1d4691b930fa463d9787091425c739f09e5f058c9b8b2973447cb2d3b18448d481afeb761ed0fa720bbd0e50b288dfb02567ab59d6206
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS8:+NWPkHlUfBgpuPdWzyuDTifgyWlt
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-