Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c
-
Size
1.6MB
-
Sample
221127-nnhqgadd98
-
MD5
eadb15713eac3cdd68ba2894159c712a
-
SHA1
5d5e3b7f6fb857962e4e0bae1621f92c6d079a5c
-
SHA256
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c
-
SHA512
c361424c7fc256197857be6cb29527bb977dbb2a78e5ad84421f81becf973d2a70e26e7aa149706357b3c78457c09e7b91d72348bbc505b8fbf76e95e79c405b
-
SSDEEP
49152:Xz1Yx8+L3BF4oyfKjyecVkpmldm+kzTSC:XhW9K5ijypCpmi+kzTx
Static task
static1
Behavioral task
behavioral1
Sample
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
newstub
warrior0007.no-ip.biz:1604
warrior0007.no-ip.biz:8027
DC_MUTEX-WXZ81F5
-
gencode
hea0E4tQnUVF
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c
-
Size
1.6MB
-
MD5
eadb15713eac3cdd68ba2894159c712a
-
SHA1
5d5e3b7f6fb857962e4e0bae1621f92c6d079a5c
-
SHA256
82a2969365c75d03cb6b3915577d8d6417c4874ab3a51b5cd6ff3d2b6a28738c
-
SHA512
c361424c7fc256197857be6cb29527bb977dbb2a78e5ad84421f81becf973d2a70e26e7aa149706357b3c78457c09e7b91d72348bbc505b8fbf76e95e79c405b
-
SSDEEP
49152:Xz1Yx8+L3BF4oyfKjyecVkpmldm+kzTSC:XhW9K5ijypCpmi+kzTx
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-