Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149

  • Size

    1.8MB

  • Sample

    221126-2cmryadd3s

  • MD5

    0bc80e3f6ad2c99a3de2b517f92c1e9f

  • SHA1

    9f7c4f75160dc2323ae52e49ea919a9ef877ff94

  • SHA256

    1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149

  • SHA512

    3d53358558212b4e1f445ca4fe966f77a4389f546dc3fe9dfcac6e0043b92e488bb814b2a508a608355e41afc01b119b0694e414870aae3edcabd6d83c9cd6a9

  • SSDEEP

    49152:kbCjPKNqQzMMnWqTMMnWqPMMnWqPMMnWqXHkIWujhKYG:cCjPKNpMMnWqTMMnWqPMMnWqPMMnWqQ

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-WPS720K

Attributes
  • gencode

    T9rQ1w5MJ8Qh

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149

    • Size

      1.8MB

    • MD5

      0bc80e3f6ad2c99a3de2b517f92c1e9f

    • SHA1

      9f7c4f75160dc2323ae52e49ea919a9ef877ff94

    • SHA256

      1a2dfe526795d8075f4b22d15a3bbc69d460013c4146bb769f9fd2518fbae149

    • SHA512

      3d53358558212b4e1f445ca4fe966f77a4389f546dc3fe9dfcac6e0043b92e488bb814b2a508a608355e41afc01b119b0694e414870aae3edcabd6d83c9cd6a9

    • SSDEEP

      49152:kbCjPKNqQzMMnWqTMMnWqPMMnWqPMMnWqXHkIWujhKYG:cCjPKNpMMnWqTMMnWqPMMnWqPMMnWqQ

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks