Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bdce122320dd4dcbf31e169609b231cd1cf6de1bd6286cc3b75738bfbd1a6d55
-
Size
915KB
-
Sample
221030-xxtzjafba6
-
MD5
81d66a2e08aaf9b51a82b734b86c9e80
-
SHA1
48e5d46a6c5b95e1be88fa7a175a9d32358ec1dc
-
SHA256
bdce122320dd4dcbf31e169609b231cd1cf6de1bd6286cc3b75738bfbd1a6d55
-
SHA512
46c21077a8fe9523038c64e0c5aa85a801299ac809b771237a111becf4acbfaaa7ce6a45668bdeafa9949b34dccbc19424258c739334e3a7418b620ba1eb272d
-
SSDEEP
24576:5N1fAXro36rn7cdkr+HBYKMUkM0m+UaPtS:HqXrFLgyaqKHkhm+PPt
Malware Config
Extracted
darkcomet
WIFE-US
127.0.0.1:1604
linep.no-ip.org:1604
DC_MUTEX-AMR7Z0X
-
gencode
WDR3l3d5DWC1
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
bdce122320dd4dcbf31e169609b231cd1cf6de1bd6286cc3b75738bfbd1a6d55
-
Size
915KB
-
MD5
81d66a2e08aaf9b51a82b734b86c9e80
-
SHA1
48e5d46a6c5b95e1be88fa7a175a9d32358ec1dc
-
SHA256
bdce122320dd4dcbf31e169609b231cd1cf6de1bd6286cc3b75738bfbd1a6d55
-
SHA512
46c21077a8fe9523038c64e0c5aa85a801299ac809b771237a111becf4acbfaaa7ce6a45668bdeafa9949b34dccbc19424258c739334e3a7418b620ba1eb272d
-
SSDEEP
24576:5N1fAXro36rn7cdkr+HBYKMUkM0m+UaPtS:HqXrFLgyaqKHkhm+PPt
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-