General
-
Target
d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca.exe
-
Size
576KB
-
Sample
241205-ay2pfayqg1
-
MD5
e1c80eaa00547ec4390fd762d0e5ffe3
-
SHA1
367ed11958e149173816d14681ccbfef6f877f8e
-
SHA256
d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca
-
SHA512
308f78566625f67e59f4c561b5bc53cc022a55d6314d2d449bf5d272a76dfb5e8b0505d72120d7bc25040f241e65b7fb2a7ea349499e7ae29b77c3ca24ee738c
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSt:+NWPkHlUfBgpuPdWzyuDTifgyWls
Behavioral task
behavioral1
Sample
d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca.exe
Resource
win7-20241023-en
Malware Config
Targets
-
-
Target
d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca.exe
-
Size
576KB
-
MD5
e1c80eaa00547ec4390fd762d0e5ffe3
-
SHA1
367ed11958e149173816d14681ccbfef6f877f8e
-
SHA256
d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca
-
SHA512
308f78566625f67e59f4c561b5bc53cc022a55d6314d2d449bf5d272a76dfb5e8b0505d72120d7bc25040f241e65b7fb2a7ea349499e7ae29b77c3ca24ee738c
-
SSDEEP
12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSt:+NWPkHlUfBgpuPdWzyuDTifgyWls
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-