General
-
Target
c6c25b8429a6fe424370f98ec33b57214561ccadaa62106983d9df5ea7245dd9
-
Size
3.9MB
-
Sample
241231-d7n2gsvrhw
-
MD5
1ed017751ab0d1345efdd7e61c28645e
-
SHA1
2332317669f2457db6d6543b2335fb95e88b77ce
-
SHA256
c6c25b8429a6fe424370f98ec33b57214561ccadaa62106983d9df5ea7245dd9
-
SHA512
aabd98c092421d42ef53e85b1f4b374535ce9dcbfb49710f03eb97a332bd918276ced15aace83ce390810e158149d7155d4cee6b8b8801349653b846ace1b527
-
SSDEEP
98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cf:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBf
Malware Config
Targets
-
-
Target
c6c25b8429a6fe424370f98ec33b57214561ccadaa62106983d9df5ea7245dd9
-
Size
3.9MB
-
MD5
1ed017751ab0d1345efdd7e61c28645e
-
SHA1
2332317669f2457db6d6543b2335fb95e88b77ce
-
SHA256
c6c25b8429a6fe424370f98ec33b57214561ccadaa62106983d9df5ea7245dd9
-
SHA512
aabd98c092421d42ef53e85b1f4b374535ce9dcbfb49710f03eb97a332bd918276ced15aace83ce390810e158149d7155d4cee6b8b8801349653b846ace1b527
-
SSDEEP
98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cf:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBf
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-