General
-
Target
0ad978b8fcf97c61ed88bba430a452a75e4156e4b7c854506ae5677b2653a5bfN.exe
-
Size
3.9MB
-
Sample
250104-fp1cxatkf1
-
MD5
77d7ae897494cdcadf14a95df00a89e0
-
SHA1
da79e718953b846c65d2f51593176e44a6567299
-
SHA256
0ad978b8fcf97c61ed88bba430a452a75e4156e4b7c854506ae5677b2653a5bf
-
SHA512
7900e2ddbdf26ea73b615ca1c5f7841fdd1979c4250204b0cd64548e249edce80b33442a6d7117432580b71d000c59f3aa32f757086ce09e61270fa8f9b211e7
-
SSDEEP
98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5Cq:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBq
Static task
static1
Behavioral task
behavioral1
Sample
0ad978b8fcf97c61ed88bba430a452a75e4156e4b7c854506ae5677b2653a5bfN.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-