General

  • Target

    5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

  • Size

    907KB

  • Sample

    221106-r85braacap

  • MD5

    19e3e6a3c55a4a9183ced01c7ea1272a

  • SHA1

    640eb2c5848755aea9095a84a61a24736482a63d

  • SHA256

    5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

  • SHA512

    0ac2a3da3d94b2cd159dd2c7de58fab903203ec740d8e36da9886422af3f52f0c63f7fd7563e71fec788c9801e2f27234f5e3eb639db88957e692c42e10f320d

  • SSDEEP

    24576:+AEENIq8XwyVPQclDq/+WnpsSjJCYkkX5zA:+AEsw722Wn1JlFA

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Windows security bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
