General
- Target: b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874
- Size: 514KB
- Sample: 221201-jyk65ada6v
- MD5: db3160e357420f805f554a593171eaf1
- SHA1: f7b3bca65953e9f9965634e778c95af250d585c3
- SHA256: b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874
- SHA512: a3e80b118129f9cd8a2e0eadb186455ce44cf1eeb4f3c292d692922af762702cda0077862e8b1a5c7fcac43d60e2b8a71a2713927870c3c35e34957737528170
- SSDEEP: 12288:/YQpuKMf6NF5s/GA34LzKtDzNZbNlZlb5uplce:LuKMf6D54F34LevbNl75uT
Static task: static1
Behavioral task: behavioral1
- Sample: b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: malay
- C2:
  myzaki.zapto.org:80
  myzaki.zapto.org:81
  myzaki.zapto.org:82
  myzaki.zapto.org:83
  myzaki.zapto.org:84
  myzaki.zapto.org:85
  myzaki.zapto.org:5050
- Mutex: DC_MUTEX-LF08XVX
- InstallPath: skype\skype.exe
- gencode: krp31zzMQMFc
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: Skype
Targets
- Target: b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874 (514KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext