General
Target: c40b65558d773d5148551fd3d0b2f4c002c5d16df2f0077afd15d10db0be7848
Size: 1.5MB
Sample: 221126-cky3hahb2z
MD5: a7c3c8e1992dca26a686c79747b391d5
SHA1: 716ee44002ac35a4201850ef52bf9f08b037c5ce
SHA256: c40b65558d773d5148551fd3d0b2f4c002c5d16df2f0077afd15d10db0be7848
SHA512: 2c59435f875fcf3ceb38cd9a4bb89cb29f9e1a42e7e26206b9636df888eaf074dc7bad8331e57cd8d6860db85edc23a7f0fb6330f7f65ebe6d61cd7e8dd50b17
SSDEEP: 24576:Xtb20pkaCqT5TBWgNQ7aC377sxJa2ALeGzaa7dNoxEH/MoZI8ndKJ6A:UVg5tQ7aC377sraXeUpNoxEfdZIB5
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: c40b65558d773d5148551fd3d0b2f4c002c5d16df2f0077afd15d10db0be7848.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c40b65558d773d5148551fd3d0b2f4c002c5d16df2f0077afd15d10db0be7848.exe
  Resource: win10v2004-20220901-en
Malware Config (extracted)
Family: darkcomet
Botnet: Default
C2: 1336imm.noip.me:1336
Mutex: DCMIN_MUTEX-DJ6DL69
gencode: rJML8aXpsfPK
install: false
offline_keylogger: true
persistence: false
Targets
Target: c40b65558d773d5148551fd3d0b2f4c002c5d16df2f0077afd15d10db0be7848 (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext