General

  • Target

    ec725c007703366ee0fac113ebfd13cd8932ad0e1fe077b973f582b61ddda8b0

  • Size

    782KB

  • Sample

    221002-n2ntmsdha7

  • MD5

    63eadfafe6bf9323ce4a47536ceeb040

  • SHA1

    b7e7c9bd6ddcd51d9d486d8fa5c71a23d0abb7bc

  • SHA256

    ec725c007703366ee0fac113ebfd13cd8932ad0e1fe077b973f582b61ddda8b0

  • SHA512

    9d4c3d422d43859ae4766f8e8d15fd9bd2d4012422ff2760472b04a28bb918dd34a14cc7929dfcafe93df4d859dce211c059d40f348b893b59e05f0dae40abcc

  • SSDEEP

    12288:iMbL4uzi/ws7tIf3/b9IJVGuBIDX0tRodbxT9gr5vIBwvOjldFLU:bbc0i4ff3EGuBa9IIi2dLU

Malware Config

Extracted

Family

darkcomet

Botnet

.iLL

C2

savoritz.no-ip.biz:1604

Mutex

DC_MUTEX-8DY6RDR

Attributes

  • gencode

    dfjJdYiurW9f

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks