Behavioral task
behavioral1
Sample
8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe
Resource
win10v2004-20240412-en
General
-
Target
75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11
-
Size
306KB
-
MD5
c4c06713168992797d747b4c6b505b6e
-
SHA1
7b19d443e75747fe948979a182927441cd0238ab
-
SHA256
75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11
-
SHA512
214afc720059dfba0fb3ce6faa5f259260d7101d8e420bbe67d35406a783ebff572f5a53d1350572bc22b9c9c003b7597ce73208b385e9b73cdd5846013ec18d
-
SSDEEP
6144:XYzKNVgAUnZyF6W7RoLpye2YTA02p3iEY+smQ9VBwPCBgr/OicbfnfnsN:IzKL7d7RmpypWX2pTsDV2cgr/ODfn0N
Malware Config
Signatures
-
Darkcomet family
-
Processes:
resource yara_rule static1/unpack001/8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe
Files
-
75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11.zip
Password: infected
-
8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE