General
- Target: 6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b
- Size: 576KB
- Sample: 241108-ae896s1bnj
- MD5: 8ad3f4862f03a3a6f3de323aa6a35773
- SHA1: 9cc02248c1981675af5005931aeae0e323315f61
- SHA256: 6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b
- SHA512: 072373bb7d8da44db44efda7cd3608ff1fab68d39734124caee59b9cf4ec4bcc76c72c5247faddb2726cb249b24235ec2c678c6b6379a5054a4b5cf089691314
- SSDEEP: 12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSm:+NWPkHlUfBgpuPdWzyuDTifgyWlH
Behavioral task
behavioral1
- Sample: 6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: 6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b
Signatures
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext