General
- Target: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313
- Size: 2.8MB
- Sample: 221128-ahxesaab36
- MD5: c633939e77b5cad28435cd6d1992f733
- SHA1: beb9eb6895f973e8652f93ec792ce899653e07f2
- SHA256: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313
- SHA512: a7dda52d2d62c51fd7e4a4e326a159f1ee16789fad0db98742c89003de20c7989b6f1aa37dd318e2e9091a749449b2335799740861019f57358d08b09f958fb3
- SSDEEP: 49152:3v5eYSm++WEQybtwVgRKwK9Svaj4u05l0Cs/zRHXK4M1RRTM88z04g8crAc+f8:/NSm++WE1dRKpSSj05l0Cs/zRHXK4M1f
Static task: static1
Behavioral task: behavioral1
- Sample: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
- word
- C2: markben390.no-ip.org:1604
- Mutex: DCMIN_MUTEX-WG79R6U
- gencode: QUoBsi7XUpPd
- install: false
- offline_keylogger: true
- persistence: false
Targets
Target: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313
- Size: 2.8MB
- MD5: c633939e77b5cad28435cd6d1992f733
- SHA1: beb9eb6895f973e8652f93ec792ce899653e07f2
- SHA256: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313
- SHA512: a7dda52d2d62c51fd7e4a4e326a159f1ee16789fad0db98742c89003de20c7989b6f1aa37dd318e2e9091a749449b2335799740861019f57358d08b09f958fb3
- SSDEEP: 49152:3v5eYSm++WEQybtwVgRKwK9Svaj4u05l0Cs/zRHXK4M1RRTM88z04g8crAc+f8:/NSm++WE1dRKpSSj05l0Cs/zRHXK4M1f
Score: 10/10
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext