General
-
Target
25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be
-
Size
3.8MB
-
Sample
250101-zr5vystpay
-
MD5
3de6e51db11e90c1ec2b6dbb74e098a1
-
SHA1
a97ead99a1b2179445abb75fe07fa10e1bbc8655
-
SHA256
25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be
-
SHA512
cfbbcf844c3210a22608639ad2929e0e44eb83f8ec4d1a2a8c649b3efec6d1adf522986768d135e5ab9eba69cbbc622f9ffeb89ed7622bbdad27e8f74b192d45
-
SSDEEP
98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qN:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiT
Behavioral task
behavioral1
Sample
25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be
-
Size
3.8MB
-
MD5
3de6e51db11e90c1ec2b6dbb74e098a1
-
SHA1
a97ead99a1b2179445abb75fe07fa10e1bbc8655
-
SHA256
25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be
-
SHA512
cfbbcf844c3210a22608639ad2929e0e44eb83f8ec4d1a2a8c649b3efec6d1adf522986768d135e5ab9eba69cbbc622f9ffeb89ed7622bbdad27e8f74b192d45
-
SSDEEP
98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qN:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiT
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-