Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
707cae5691796c3ebdd8940831948d0e49965e33e4f0384edba8e1969158bd02
-
Size
661KB
-
Sample
221107-tg87qshbdm
-
MD5
081479fd083ec172e9a7c23caba03bb1
-
SHA1
e7cb1abdef3384ca5ac1a31c2c791a84304926e9
-
SHA256
707cae5691796c3ebdd8940831948d0e49965e33e4f0384edba8e1969158bd02
-
SHA512
261cab6c1c3cdba1783b89a15c3b4c6e3e7bee8a4b129c9c9abf511d35f7f4658fea67a561ce775498a7a9df4311357670119ba67acc1f210830baf8c147a900
-
SSDEEP
12288:MXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UR:anAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jh
Malware Config
Extracted
darkcomet
Guest16
shizzlekid.zapto.org:1919
DC_MUTEX-NE6UK92
-
InstallPath
MSDCSC\microsoft.exe
-
gencode
YcKFVzKEhbEr
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Microsoft
Targets
-
-
Target
707cae5691796c3ebdd8940831948d0e49965e33e4f0384edba8e1969158bd02
-
Size
661KB
-
MD5
081479fd083ec172e9a7c23caba03bb1
-
SHA1
e7cb1abdef3384ca5ac1a31c2c791a84304926e9
-
SHA256
707cae5691796c3ebdd8940831948d0e49965e33e4f0384edba8e1969158bd02
-
SHA512
261cab6c1c3cdba1783b89a15c3b4c6e3e7bee8a4b129c9c9abf511d35f7f4658fea67a561ce775498a7a9df4311357670119ba67acc1f210830baf8c147a900
-
SSDEEP
12288:MXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UR:anAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jh
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-