General
Target: 0431fcc335792f97fe4660c5ba857fa7
Size: 659KB
Sample: 231229-z3t8lafaf6
MD5: 0431fcc335792f97fe4660c5ba857fa7
SHA1: cc1a5bec1653f1661b3e4185a488d81fb6c97939
SHA256: 9637eb28918049462e11ed2cd4120331ef2f69fbd0b2fa0161a3677302f3581a
SHA512: a1118c79ec6a73fb95c07f097c633c6321c10dcac6f480585818eb030bb91a702b2e316573a704ec2dbb2082a87ef3598d7d5d76d8b94ca89a31bb00609c8d29
SSDEEP: 12288:EX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/Q0X:Css2Sm39NNv9wY7tHwbzfIoK6Mof
Behavioral task: behavioral1
Sample: 0431fcc335792f97fe4660c5ba857fa7.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0431fcc335792f97fe4660c5ba857fa7.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:1604
DCMIN_MUTEX-4P9QREJ
InstallPath: DCSCMIN\IMDCSC.exe
gencode: aapwobi7GLgZ
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: 0431fcc335792f97fe4660c5ba857fa7
Score: 10/10
Modifies WinLogon for persistence
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application