General
Target: NEAS.8b48a1b5a19cb1e67f43c81386fa26d0.exe
Size: 325KB
Sample: 231101-rj6taafd67
MD5: 8b48a1b5a19cb1e67f43c81386fa26d0
SHA1: bb8d38a056d805d0f10fbdbe810f968ff3b9d184
SHA256: 39b902c7f2684b5faf01bb3872ddd4fd4066f15553e6b009a9be0fef85928b2c
SHA512: 361cac8ab1d20df90dd498c6cee0f0b0a8a1716b88a0ce437c48defe16c48e416bb3a4e75e97d659fe06d10c26d5dbc0b08a1146283265e8c1da6c744883c2e7
SSDEEP: 6144:ZYgZdcJZs091uPFP1QpCT0LurJH1l3ZwzaKAG6cz9eswTfmr/yruO:ZY1JKIMlypCgiFJxlcz9eswT0hO
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.8b48a1b5a19cb1e67f43c81386fa26d0.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.8b48a1b5a19cb1e67f43c81386fa26d0.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
darkcomet
WXXXXW
euro2012.no-ip.org:22
euro2012.no-ip.org:3389
euro2012.no-ip.org:5631
DC_MUTEX-X2H0E82
InstallPath: Debug\msdcsc.exe
gencode: F4JVWk9c0ekU
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: NEAS.8b48a1b5a19cb1e67f43c81386fa26d0.exe
Modifies WinLogon for persistence
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)