General
- Target: Hack X1000 1.1.bin.zip
- Size: 340KB
- Sample: 231005-zwgc6ahd25
- MD5: 90299a8aa34ac24c015a395bb86f1383
- SHA1: e0d45088e262ca821df70955fda9ea56dfc90ae7
- SHA256: a9a7e4f65b15cbb5e6276488508e1c5d7c63590e2c73a584a413476fc8848d36
- SHA512: 061e3098eae56572244861a5fe7e400c5e248470117bd782afbb5e62030ea415d7c62016caa8f8e4a257190b6a78f639ec8c0ba8db033034cf22d99382c43e71
- SSDEEP: 6144:eNPXAt9IhJxRE7Hyg7joJ9lHLaPECfKOEfuLfnFcCsh/GYaRTya7S+yoVx0DD2:eNYt+hJxSrygYJqyOhfu5h/GlTySS+3R

Malware Config
Extracted: darkcomet
- Guest16
- C2: 192.168.1.8:4444
- Mutex: DC_MUTEX-26BR6RC
- InstallPath: MSDCSC\msdcsc.exe
- gencode: njZx3Bkpuz6x
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: Hack X1000 1.1.bin
- Size: 756KB
- MD5: 74b69971031e3ed8edac827863f464cb
- SHA1: 97f44a38f292cad03e716857b113a4cb60bc199e
- SHA256: 5ff3a8d4425ada0f861da4b8177348506e0ba8870dd72ebdb5f58699f6eb69f9
- SHA512: 0002a9c817da27df65c242627d64a987dfa5f8a55e7fec55754d0678bf37e1dbb9628691b11195a1378f39eba69e0940215ea6a883a964ca42a905e8d75d206c
- SSDEEP: 12288:V9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hu:fZ1xuVVjfFoynPaVBUR8f+kN10EBk

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)