General

Target: eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89N
Size: 576KB
Sample: 241108-y1sfjsygmm
MD5: 5410d97f00390baa17c1b0bedcbff780
SHA1: 709dc50b14f572ae7d9c9f9d7fb8cf01677f5ebc
SHA256: eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89
SHA512: 65275e74dbe8de6032595837b069a82a1e0e2d5308193c15e8ce4cfa8b532895fde2f240087e9f4a16281c2c1a76e8fcfd033adcb2b8de994b52dae2bd1ebfd1
SSDEEP: 12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSO:+NWPkHlUfBgpuPdWzyuDTifgyWlP
Behavioral task: behavioral1
Sample: eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89N.exe
Resource: win7-20241023-en
Malware Config

Targets

Target: eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89N
Size: 576KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.

Signatures
- Darkcomet family
- Checks BIOS information in registry: BIOS values are commonly read from the registry to fingerprint virtual machines and sandboxes.
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
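The signatures above are behavioural, so they can be re-derived from a process event trace rather than taken on trust. The script below is an added example, not code from the sandbox or from this report: it maps a constructed, simplified trace (one event per line, `pid api detail`; this is not the sandbox's real log format) onto four of the listed signatures. The registry paths are the standard Windows locations for BIOS strings, the user's geographic region, and the per-user Run key; the SetThreadContext check looks for the process-hollowing chain of creating a suspended child, writing into it, swapping its thread context and resuming it. The sample trace, pids and the `Updater` value name are constructed for illustration.

```python
"""Re-derive this report's behavioural signatures from a constructed event trace."""
import re
from collections import defaultdict

# Registry paths behind three of the report's signatures (standard Windows locations).
BIOS_RE = re.compile(
    r"HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    re.IGNORECASE,
)
GEO_RE = re.compile(r"HKCU\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
RUN_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE)

# Process hollowing as an ordered API chain against one suspended child process.
HOLLOW_STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace (not the sandbox's own format): "<pid> <api> <detail>" per line.
SAMPLE_TRACE = r"""
1204 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
1204 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1204 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
1204 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1204 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1204 CreateProcess notepad.exe flags=CREATE_SUSPENDED pid=1388
1204 WriteProcessMemory target=1388
1204 SetThreadContext target=1388
1204 ResumeThread target=1388
"""


def parse_trace(text):
    """Split the trace into (pid, api, detail) tuples; detail may contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, detail = line.split(" ", 2)
        events.append((pid, api, detail))
    return events


def hollowing_targets(events):
    """Return child pids that went through the full suspended-create -> write ->
    SetThreadContext -> resume chain. A resume before the context swap drops the
    candidate, since the child then ran its own code."""
    progress = {}  # child pid -> index of the next expected step in HOLLOW_STEPS
    hits = []
    for _pid, api, detail in events:
        if api == "CreateProcess" and "CREATE_SUSPENDED" in detail:
            m = re.search(r"pid=(\d+)", detail)
            if m:
                progress[m.group(1)] = 1
            continue
        m = re.search(r"target=(\d+)", detail)
        if not m or m.group(1) not in progress:
            continue
        target = m.group(1)
        if api == HOLLOW_STEPS[progress[target]]:
            progress[target] += 1
            if progress[target] == len(HOLLOW_STEPS):
                hits.append(target)
                del progress[target]
        elif api == "ResumeThread":
            del progress[target]
    return hits


def triage(trace_text):
    """Return {signature name: [evidence]} for the signatures this report lists."""
    events = parse_trace(trace_text)
    findings = defaultdict(list)
    for _pid, api, detail in events:
        if api == "RegQueryValue" and BIOS_RE.search(detail):
            findings["Checks BIOS information in registry"].append(detail)
        elif api == "RegQueryValue" and GEO_RE.search(detail):
            findings["Checks computer location settings"].append(detail)
        elif api == "RegSetValue" and RUN_RE.search(detail):
            findings["Adds Run key to start application"].append(detail)
    for target in hollowing_targets(events):
        findings["Suspicious use of SetThreadContext"].append(f"hollowed child pid {target}")
    return dict(findings)


if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_TRACE).items():
        print(signature)
        for item in evidence:
            print("    ", item)
```

The BIOS and geo lookups are only suspicious in context: plenty of legitimate installers read the same keys, so treat them as supporting evidence next to the Run-key write and the hollowing chain rather than as verdicts on their own.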