General
- Target: 999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605
- Size: 1.3MB
- Sample: 221126-a4qt5add5z
- MD5: 0ca617961ceb2d4af6d3236678929fa3
- SHA1: cd4f3061fe03338d12020d57ad30f916e410abc5
- SHA256: 999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605
- SHA512: bc22301ab9c50a0bc4fbb6777813d990d5d703b9baac6ecf1badfab82a81021e03af10bdb7955589f3c3b72ff0b6adc2dcf670cd9881e73fb254e92ed0d82f41
- SSDEEP: 24576:f2O/GluCNRbvqYRYIdpbweMK5bBWQtMXC6kK7g6zwm4m53Sb2M:HwRbSYmIXMeMuMuMX7kK5kFm53SyM
Static task: static1
Behavioral task: behavioral1
Sample: 999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605.exe
Resource: win7-20221111-en
Malware Config
Extracted
darkcomet
Steve
slowburn.linkpc.net:6831
DC_MUTEX-A54SB6Z
- gencode: VPCWgaglFLx7
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605
- Size: 1.3MB
- MD5: 0ca617961ceb2d4af6d3236678929fa3
- SHA1: cd4f3061fe03338d12020d57ad30f916e410abc5
- SHA256: 999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605
- SHA512: bc22301ab9c50a0bc4fbb6777813d990d5d703b9baac6ecf1badfab82a81021e03af10bdb7955589f3c3b72ff0b6adc2dcf670cd9881e73fb254e92ed0d82f41
- SSDEEP: 24576:f2O/GluCNRbvqYRYIdpbweMK5bBWQtMXC6kK7g6zwm4m53Sb2M:HwRbSYmIXMeMuMuMX7kK5kFm53SyM
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext