General
Target: 5e876286f3d2faa79f0627bf9bfd04f12f15fc2716457d308f8083611f8c1381
Size: 758KB
Sample: 221127-2f8tkshc8z
MD5: 984cc506b7124dafeb1a401124d315b7
SHA1: e2938d7c3bfd74179fcb8f0b7e7c79e6c76f0798
SHA256: 5e876286f3d2faa79f0627bf9bfd04f12f15fc2716457d308f8083611f8c1381
SHA512: de2d06123119f1ddea521fecda32130c25904235ee729ec168747f40f3ae9da484a64df67dc2aa7ad579cbab6eeebba325965e1c8d2ba83161660e397879a834
SSDEEP: 12288:rXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Ul:znAw2WWeFcfbP9VPSPMTSPL/rWvzq4JV
Behavioral task: behavioral1
Sample: 5e876286f3d2faa79f0627bf9bfd04f12f15fc2716457d308f8083611f8c1381.exe
Resource: win7-20220812-en
Malware Config (extracted)
Family: darkcomet
Botnet / campaign ID: Guest16
C2: blinko.no-ip.biz:1604
Mutex: DC_MUTEX-XEP2LCR
Attributes:
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Qx6wzbzu70U9
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
Target: 5e876286f3d2faa79f0627bf9bfd04f12f15fc2716457d308f8083611f8c1381 (758KB; hashes as listed under General above)
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application