General
- Target: 3696652fcd7885fb3982eb9bac6274ffea26273121748ba11187f48edee1ed53
- Size: 356KB
- Sample: 221201-l3vmgabh6w
- MD5: 6665f5e35cc8a79573b7a60f42793ad5
- SHA1: 38f5f0131b63098f9fab7f6cdfb91b80999d4d94
- SHA256: 3696652fcd7885fb3982eb9bac6274ffea26273121748ba11187f48edee1ed53
- SHA512: 0a2578d4f15a2fb755a299b21fa5492b42e4c943178ad075a44412a0161aea6580d19543a06bff00c6f62d2626a678b0c0c2b802253312b042e06a98dc5adecf
- SSDEEP: 6144:BcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL378CfCY:BcW7KEZlPzCy378kC
Behavioral task: behavioral1
- Sample: 3696652fcd7885fb3982eb9bac6274ffea26273121748ba11187f48edee1ed53.exe
- Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false
Extracted: darkcomet
nmp1
nhatnhoa.no-ip.org:9998
DC_MUTEX-6SF0UYS
- InstallPath: MSDCSC\svhost.exe
- gencode: f9Jslnn1jp65
- install: true
- offline_keylogger: true
- password: jimmynmp
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 3696652fcd7885fb3982eb9bac6274ffea26273121748ba11187f48edee1ed53
- Size: 356KB
- MD5: 6665f5e35cc8a79573b7a60f42793ad5
- SHA1: 38f5f0131b63098f9fab7f6cdfb91b80999d4d94
- SHA256: 3696652fcd7885fb3982eb9bac6274ffea26273121748ba11187f48edee1ed53
- SHA512: 0a2578d4f15a2fb755a299b21fa5492b42e4c943178ad075a44412a0161aea6580d19543a06bff00c6f62d2626a678b0c0c2b802253312b042e06a98dc5adecf
- SSDEEP: 6144:BcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL378CfCY:BcW7KEZlPzCy378kC
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext