General
Target: b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df
Size: 690KB
Sample: 221127-afr3aaac3v
MD5: 3c5d2b983954dda34a20869edd0ab20e
SHA1: 0ae98b776b37d6c26317afaa13b0b59f4342a0fe
SHA256: b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df
SHA512: 50b9af5fc454d4b4d1d3096a64e0121bfc555a49cc8a9d7516f2473f7584ef0d5e64e90f5842e34b4a3e2bdc7647883b31272d90c3d3a5bc64c2211a613342d6
SSDEEP: 12288:V9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hoJ:fZ1xuVVjfFoynPaVBUR8f+kN10EB6
Behavioral task: behavioral1
Sample: b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Bruh
midnight8045.duckydns.org:5050
DCMIN_MUTEX-AUKNFFR
InstallPath: DCSCMIN\IMDCSC.exe
gencode: HQTfAYDL9u0p
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: b49bf9fb3415d3755afa3a8cd71434ffcb47ecd09e33648b53879b3c6008e8df
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory