Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

5f1dfda34a...34.exe

windows7-x64

10

5f1dfda34a...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

  • Size

    907KB

  • Sample

    221106-r85braacap

  • MD5

    19e3e6a3c55a4a9183ced01c7ea1272a

  • SHA1

    640eb2c5848755aea9095a84a61a24736482a63d

  • SHA256

    5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

  • SHA512

    0ac2a3da3d94b2cd159dd2c7de58fab903203ec740d8e36da9886422af3f52f0c63f7fd7563e71fec788c9801e2f27234f5e3eb639db88957e692c42e10f320d

  • SSDEEP

    24576:+AEENIq8XwyVPQclDq/+WnpsSjJCYkkX5zA:+AEsw722Wn1JlFA

Score
10/10
darkcometevasionpersistencerattrojan

Malware Config

Targets

    • Target

      5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

    • Size

      907KB

    • MD5

      19e3e6a3c55a4a9183ced01c7ea1272a

    • SHA1

      640eb2c5848755aea9095a84a61a24736482a63d

    • SHA256

      5f1dfda34adabcfc7b2bc44a252549175e50bde499b4d3e4024170df1d59b634

    • SHA512

      0ac2a3da3d94b2cd159dd2c7de58fab903203ec740d8e36da9886422af3f52f0c63f7fd7563e71fec788c9801e2f27234f5e3eb639db88957e692c42e10f320d

    • SSDEEP

      24576:+AEENIq8XwyVPQclDq/+WnpsSjJCYkkX5zA:+AEsw722Wn1JlFA

    Score
    10/10
    darkcometevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks