Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149
-
Size
1.8MB
-
Sample
221126-2cmryadd3s
-
MD5
0bc80e3f6ad2c99a3de2b517f92c1e9f
-
SHA1
9f7c4f75160dc2323ae52e49ea919a9ef877ff94
-
SHA256
1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149
-
SHA512
3d53358558212b4e1f445ca4fe966f77a4389f546dc3fe9dfcac6e0043b92e488bb814b2a508a608355e41afc01b119b0694e414870aae3edcabd6d83c9cd6a9
-
SSDEEP
49152:kbCjPKNqQzMMnWqTMMnWqPMMnWqPMMnWqXHkIWujhKYG:cCjPKNpMMnWqTMMnWqPMMnWqPMMnWqQ
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-WPS720K
-
gencode
T9rQ1w5MJ8Qh
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149
-
Size
1.8MB
-
MD5
0bc80e3f6ad2c99a3de2b517f92c1e9f
-
SHA1
9f7c4f75160dc2323ae52e49ea919a9ef877ff94
-
SHA256
1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149
-
SHA512
3d53358558212b4e1f445ca4fe966f77a4389f546dc3fe9dfcac6e0043b92e488bb814b2a508a608355e41afc01b119b0694e414870aae3edcabd6d83c9cd6a9
-
SSDEEP
49152:kbCjPKNqQzMMnWqTMMnWqPMMnWqPMMnWqXHkIWujhKYG:cCjPKNpMMnWqTMMnWqPMMnWqPMMnWqQ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-