Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
74a9f7ac76250c6eb9d0c674a4249c92
-
Size
426KB
-
Sample
240125-pbjbxagbaj
-
MD5
74a9f7ac76250c6eb9d0c674a4249c92
-
SHA1
8c544f4df935bbb9c13e8c88359497f134e47abd
-
SHA256
45f13c2ef9560816343176cce689c89e8a1fcd48e021b71093b56d19cb3c947b
-
SHA512
e4476f5c1792f9361ee5f53968b3f1abbd8b012c3f0cc47580565a54b5b41d12edb29aa0cd4fbe5e08e7d20a1175b891c37e58fa908aa5737c84cbb8bbdb2d25
-
SSDEEP
12288:6Tij6aV7gcz/cWCrR46sYjtyW3Ydi7N0+u21j6c769k:66lNcWCtpsYjtyOwgF1OK6W
Static task
static1
Behavioral task
behavioral1
Sample
74a9f7ac76250c6eb9d0c674a4249c92.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
74a9f7ac76250c6eb9d0c674a4249c92.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Guest16
basel1234.no-ip.biz:81
DC_MUTEX-F54S21D
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
LSspVhv0MBT2
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
74a9f7ac76250c6eb9d0c674a4249c92
-
Size
426KB
-
MD5
74a9f7ac76250c6eb9d0c674a4249c92
-
SHA1
8c544f4df935bbb9c13e8c88359497f134e47abd
-
SHA256
45f13c2ef9560816343176cce689c89e8a1fcd48e021b71093b56d19cb3c947b
-
SHA512
e4476f5c1792f9361ee5f53968b3f1abbd8b012c3f0cc47580565a54b5b41d12edb29aa0cd4fbe5e08e7d20a1175b891c37e58fa908aa5737c84cbb8bbdb2d25
-
SSDEEP
12288:6Tij6aV7gcz/cWCrR46sYjtyW3Ydi7N0+u21j6c769k:66lNcWCtpsYjtyOwgF1OK6W
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-