General
-
Target
fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d
-
Size
2.8MB
-
Sample
221128-gb1l7aea6z
-
MD5
1504ba8da6e7310e16ab6fcd8ea04f1a
-
SHA1
82eec7d304747937fa1e1d44ee10c3ad20e60566
-
SHA256
fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d
-
SHA512
40212bae001a10cc23c008bbeb779f47d6a97d6220afcecf0d8517b720ea60b99400cf176819d18d4cb18619f3d685ea31723adab3b4efe7746f64177a61f16d
-
SSDEEP
49152:Bv5eY6DQKZi1062iCom0bVnMlCaRgp1GWjPtxijkxiMCVWI+YIfx:1NOjS062iq0xnMlCQgp1LDijeCVWjYIp
Static task
static1
Behavioral task
behavioral1
Sample
fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Botnet
word
C2
markben390.no-ip.org:1604
Dynamic-DNS hostname (no-ip.org), so the resolved address can change; the hostname is the durable indicator. 1604 is DarkComet's default server port.
Mutex
DCMIN_MUTEX-WG79R6U
-
gencode
QUoBsi7XUpPd
-
install
false
The build is not configured to copy itself to an install path.
-
offline_keylogger
true
Keystrokes are logged to disk even while the C2 is unreachable, so a local keylog file is expected on an infected host.
-
persistence
false
No startup or Run-key entry is configured in the build.
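The hashes and the extracted configuration above are the page's indicators. The following Python is an added example, not code from the sandbox report or its vendor: it turns those indicators into a small matcher and runs it over constructed Sysmon-style and mutex-listing lines. The log lines, the key=value layout, the family-level mutex regex and the `parse_kv`/`scan` names are assumptions for illustration; only the hashes, the C2 host:port and the mutex value come from the report.

```python
"""
Added example (not part of the sandbox report): turn the extracted DarkComet
configuration and file hashes above into indicators and run them over log
lines. Only the hashes, the C2 host:port and the mutex come from the report;
the Sysmon-style and mutex-listing lines below are constructed for the demo.
"""
import re

# Indicators copied from the report.
IOC_SHA256 = "fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d"
IOC_MD5 = "1504ba8da6e7310e16ab6fcd8ea04f1a"
IOC_C2_HOST = "markben390.no-ip.org"
IOC_C2_PORT = 1604  # also DarkComet's default server port
IOC_MUTEX = "DCMIN_MUTEX-WG79R6U"

# Family-level pattern (assumption: DC_MUTEX-/DCMIN_MUTEX- prefix plus a short
# alphanumeric suffix); catches other builds that share the mutex scheme.
DARKCOMET_MUTEX_RE = re.compile(r"\bDC(?:MIN)?_MUTEX-[A-Z0-9]{6,8}\b")

KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed evidence: Sysmon-like key=value lines (EventID 22 = DNS query,
# 3 = network connect, 1 = process create, 13 = registry set) plus two
# mutex-listing lines of the kind a sandbox or Volatility mutantscan produces.
SAMPLE_LOG = """\
EventID=22 Image=C:\\Users\\victim\\Downloads\\invoice.exe QueryName=markben390.no-ip.org QueryResults=::ffff:198.51.100.7;
EventID=3 Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe DestinationIp=198.51.100.7 DestinationPort=1604
EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe Hashes=MD5=1504ba8da6e7310e16ab6fcd8ea04f1a,SHA256=fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d
EventID=13 Image=C:\\Windows\\explorer.exe TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive
Process=vbc.exe Pid=2480 Mutant=DCMIN_MUTEX-WG79R6U
Process=other.exe Pid=3120 Mutant=DC_MUTEX-ABC1234
EventID=3 Image=C:\\Tools\\browser.exe DestinationIp=203.0.113.9 DestinationPort=443
"""


def parse_kv(line):
    """Parse a flat 'key=value key=value' line into a dict (first occurrence wins)."""
    fields = {}
    for key, value in KV_RE.findall(line):
        fields.setdefault(key, value)
    return fields


def scan(text):
    """Scan log text top to bottom; return [(line_no, [indicator, ...]), ...].

    DNS answers for the C2 hostname are remembered so that a later connection
    to the resolved address is flagged too: with a dynamic-DNS C2 the IP is not
    a stable indicator on its own, but the hostname -> IP -> connect chain is.
    """
    resolved = set()
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        f = parse_kv(line)
        hits = []
        if f.get("QueryName", "").lower() == IOC_C2_HOST:
            hits.append("c2-dns")
            for ip in f.get("QueryResults", "").split(";"):
                ip = ip.strip().removeprefix("::ffff:")  # Sysmon prefixes IPv4 answers
                if ip:
                    resolved.add(ip)
        if f.get("DestinationIp") in resolved:
            port_ok = f.get("DestinationPort") == str(IOC_C2_PORT)
            hits.append("c2-connect" if port_ok else "c2-ip")
        hashes = dict(h.split("=", 1) for h in f.get("Hashes", "").split(",") if "=" in h)
        if hashes.get("SHA256", "").lower() == IOC_SHA256:
            hits.append("hash-sha256")
        if hashes.get("MD5", "").lower() == IOC_MD5:
            hits.append("hash-md5")
        if IOC_MUTEX in line:
            hits.append("mutex-exact")
        elif DARKCOMET_MUTEX_RE.search(line):
            hits.append("mutex-family")
        if hits:
            results.append((n, hits))
    return results


if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(hits)}")
```

The Run-key line deliberately produces no hit: the extracted config says persistence is off, and a Run-key write by explorer.exe is normal noise. The mutex family match is the weakest signal here and is worth keeping separate from the exact-value match when triaging.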
Targets
-
-
Target
fe4bcbab897b1b16a7d50fa6317f390510d64421373001aec64621602ba2f91d
-
Checks BIOS information in registry
Reads BIOS strings from HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion). Hypervisor vendor names there (VBOX, VMware, QEMU) are a cheap sandbox tell, so analysis VMs should have those values patched.
-
Checks computer location settings
Reads the country code configured under HKCU\Control Panel\International\Geo (Nation value), most likely as a geofence. The report does not show which codes the sample acts on.
-
Uses the VBS compiler (vbc.exe) for execution
vbc.exe is the Visual Basic .NET command-line compiler under %WINDIR%\Microsoft.NET\Framework\, a signed Microsoft binary, not a VBScript host. Loaders commonly start it suspended and inject into it so the payload runs under a trusted image name.
-
AutoIt Executable
AutoIt script compiled into a PE executable (the interpreter with the script appended). The script is usually recoverable with an AutoIt decompiler and is where to look for the loader logic.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, typically a freshly created suspended child, is the defining step of RunPE/process hollowing: the loader overwrites the child's image and redirects its entry point. Together with the vbc.exe and AutoIt signatures above this is consistent with an AutoIt loader hollowing vbc.exe to run the DarkComet payload; confirm with the process tree and a memory dump of the child.
-
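To see what the BIOS and location checks above actually read, here is an added Python example, not the sample's code and not the sandbox's signature logic, that applies the same two lookups to a `reg query`-style dump and reports what a VM would leak. The registry paths are the standard Windows locations; the two dumps, the VM-marker list and the `parse_reg_query`/`assess_sandbox` names are constructed assumptions for illustration.

```python
"""
Added example (not from the report): emulate the two registry checks flagged
in the signatures above on a 'reg query' style dump, so an analyst can see
which values a sandbox VM leaks to this kind of check. The registry paths are
the standard Windows locations; the dumps below are constructed, and the VM
marker list is a common heuristic, not the sample's own logic.
"""
import re

BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
# Assumed marker list; VirtualBox really does expose "VBOX   - 1" as SystemBiosVersion.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen", "hyper-v", "virtual")

# Constructed dump of an unpatched VirtualBox guest (reg query layout:
# key line, then 4-space-indented "Name    Type    Data" lines).
LEAKY_DUMP = r"""
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
    SystemBiosDate    REG_SZ    12/01/2006
    SystemBiosVersion    REG_MULTI_SZ    VBOX   - 1\0BIOS v1.0
    VideoBiosVersion    REG_MULTI_SZ    Oracle VM VirtualBox Version 6.1

HKEY_CURRENT_USER\Control Panel\International\Geo
    Nation    REG_SZ    244
"""

# Constructed dump of a sanitized guest with vendor-looking strings.
CLEAN_DUMP = r"""
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
    SystemBiosDate    REG_SZ    03/14/2019
    SystemBiosVersion    REG_MULTI_SZ    DELL   - 1072009\01.12.0
    VideoBiosVersion    REG_MULTI_SZ    Intel Video BIOS

HKEY_CURRENT_USER\Control Panel\International\Geo
    Nation    REG_SZ    244
"""


def parse_reg_query(text):
    """Parse 'reg query /s'-style output into {key: {value_name: (type, data)}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = line
            keys[current] = {}
            continue
        if current is None:
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=2)
        if len(parts) == 2:  # value with empty data
            parts.append("")
        if len(parts) == 3:
            name, vtype, data = parts
            keys[current][name] = (vtype, data)
    return keys


def assess_sandbox(text):
    """Return VM markers visible in the BIOS strings and the configured Geo nation code.

    One marker is reported per value (first match wins). The nation code is
    returned as-is because the report does not say which codes the sample
    treats as in or out of scope.
    """
    reg = parse_reg_query(text)
    markers = []
    for name, (_vtype, data) in reg.get(BIOS_KEY, {}).items():
        low = data.lower()
        for marker in VM_MARKERS:
            if marker in low:
                markers.append((name, marker))
                break
    nation = reg.get(GEO_KEY, {}).get("Nation", (None, None))[1]
    return {"vm_markers": markers, "geo_nation": nation}


if __name__ == "__main__":
    for label, dump in (("leaky", LEAKY_DUMP), ("clean", CLEAN_DUMP)):
        print(label, assess_sandbox(dump))
```

Run it against a real `reg query "HKLM\HARDWARE\DESCRIPTION\System" /s` export from the analysis VM; an empty `vm_markers` list means this particular check would not have tipped the sample off, though other evasion checks (CPUID, MAC prefixes, driver names) are outside this report.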