General
Target: df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba
Size: 576KB
Sample: 241207-d8mvtatqh1
MD5: 649266098254b2bb9ff310ec049f6fed
SHA1: ceea2478fe0677e7da1f4551309dce57e745f8a1
SHA256: df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba
SHA512: f1dffb8a81be32dfc83dd29881d89f5cf33b7f5e300a21b80f30535dccc14b941118d1e30823ea645268346293db67df6b59a0456b0271150653abb67e9b7670
SSDEEP: 12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSP:+NWPkHlUfBgpuPdWzyuDTifgyWlg
Behavioral task: behavioral1
Sample: df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba
Size: 576KB
Hashes: same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General above.
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, since virtualisation products leave recognisable strings in the BIOS version values.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk.
- Adds Run key to start application: persistence through a Run registry key, so the application is started again at logon.
- Suspicious use of SetThreadContext: rewriting the context of a thread in another process is a typical step of process hollowing or thread hijacking.
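As an added example, not part of the sandbox report and not the sandbox's own signature logic, the following Python script replays a constructed, Sysmon-style event stream and flags the six behavioural signatures above with simple heuristics, and also checks whether a file's hashes match the report. The Darkcomet family verdict is a classifier result and is not reproduced. Event layout, process names, paths and PIDs are invented for illustration; only the hash values are taken from the report.

```python
import hashlib
import re

# Hashes copied from the report; used to confirm a file on disk is this sample.
REPORT_HASHES = {
    "md5": "649266098254b2bb9ff310ec049f6fed",
    "sha1": "ceea2478fe0677e7da1f4551309dce57e745f8a1",
    "sha256": "df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba",
}


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


# Registry paths behind three of the report's signatures (well-known keys).
BIOS_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\\w*Bios", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed event stream (assumed format, not from the real run).
SAMPLE_EVENTS = [
    {"type": "RegistryRead", "pid": 100, "image": "sample.exe",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "RegistryRead", "pid": 100, "image": "sample.exe",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"type": "RegistryRead", "pid": 100, "image": "sample.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryRead", "pid": 100, "image": "sample.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
    {"type": "FileCreate", "pid": 100, "image": "sample.exe",
     "target": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "FileCreate", "pid": 100, "image": "sample.exe",
     "target": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"type": "ProcessCreate", "pid": 100, "image": "sample.exe",
     "target": r"C:\Users\user\AppData\Roaming\updater.exe", "child_pid": 200},
    {"type": "ImageLoad", "pid": 200, "image": "updater.exe",
     "target": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"type": "RegistrySet", "pid": 200, "image": "updater.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "ProcessCreate", "pid": 200, "image": "updater.exe",
     "target": r"C:\Windows\System32\notepad.exe", "child_pid": 300},
    {"type": "ApiCall", "pid": 200, "image": "updater.exe",
     "api": "SetThreadContext", "target_pid": 300},
]


def triage(events):
    """Map each signature name to the evidence lines that triggered it."""
    hits = {}
    dropped = set()  # lower-cased paths written by a monitored process

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in events:
        kind, target = e["type"], e.get("target", "")
        low = target.lower()
        if kind == "FileCreate":
            dropped.add(low)
        elif kind == "RegistryRead":
            if BIOS_KEY.search(target):
                hit("Checks BIOS information in registry", target)
            elif GEO_KEY.search(target):
                hit("Checks computer location settings", target)
        elif kind == "RegistrySet" and RUN_KEY.search(target):
            hit("Adds Run key to start application", target)
        elif kind == "ProcessCreate" and low in dropped:
            hit("Executes dropped EXE", target)
        elif kind == "ImageLoad" and low in dropped and low.endswith(".dll"):
            hit("Loads dropped DLL", target)
        elif (kind == "ApiCall" and e.get("api") == "SetThreadContext"
              and e.get("target_pid") != e["pid"]):
            # Heuristic used here: only a cross-process call counts as suspicious.
            hit("Suspicious use of SetThreadContext",
                f"{e['image']} (pid {e['pid']}) -> pid {e['target_pid']}")
    return hits


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for line in evidence:
            print("   ", line)
```

The dropped-file bookkeeping is what separates "executes dropped EXE" from any ordinary process creation: a launch of notepad.exe by the same process is deliberately left unflagged, and a SetThreadContext call on the caller's own thread is likewise ignored. Point `matches_report` at the bytes of a suspect file before trusting that this report describes it.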