General
-
Target
23f173c2ea208d35ebc04be8cebb189348a85228806c367756e72064899f25c0_NeikiAnalytics.exe
-
Size
3.9MB
-
Sample
240630-3p6agsyhrb
-
MD5
783e407833fe0ad2c162e7b0235d9220
-
SHA1
f020644b862cc00c259341d4d5021d5689bd3994
-
SHA256
23f173c2ea208d35ebc04be8cebb189348a85228806c367756e72064899f25c0
-
SHA512
2762f16d80e4b8413b654f89dec715f3d561a021b9d879f5828e1794e87e4c622cdd389227f6dcc6b99326a2d78d75fae49df95e8667cd6f2031c47feb35c13a
-
SSDEEP
98304:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5CR:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBR
Malware Config
Targets
-
-
Target
23f173c2ea208d35ebc04be8cebb189348a85228806c367756e72064899f25c0_NeikiAnalytics.exe
-
Size
3.9MB
-
MD5
783e407833fe0ad2c162e7b0235d9220
-
SHA1
f020644b862cc00c259341d4d5021d5689bd3994
-
SHA256
23f173c2ea208d35ebc04be8cebb189348a85228806c367756e72064899f25c0
-
SHA512
2762f16d80e4b8413b654f89dec715f3d561a021b9d879f5828e1794e87e4c622cdd389227f6dcc6b99326a2d78d75fae49df95e8667cd6f2031c47feb35c13a
-
SSDEEP
98304:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5CR:alX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBR
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-