General

  • Target

    1f4d24135ae9d20c3522988f9623529a0b1b320d4a1ab25c8fded65497bc9094

  • Size

    1.7MB

  • Sample

    221126-2p79eaah77

  • MD5

    2387eb39ea6d9b53dc2a70ac836d9638

  • SHA1

    8780a3b880ec482f7a63a40aa3f01b15ad47bc81

  • SHA256

    1f4d24135ae9d20c3522988f9623529a0b1b320d4a1ab25c8fded65497bc9094

  • SHA512

    24ce82fc4da5f9caf98c53197200191d48acd18c468367631236f38c80a9fca4611d4192d522a1e90a68faef368c92c573f6e3c07a84cd3de0a21277f2d00d71

  • SSDEEP

    24576:M4lavt0LkLL9IMixoEgeaP60tmf9auZwjkiRik97PeBpgBNbam01hO3aq9MmCS:bkwkn9IMHeaP6df8uJiD7WWHqEqaPCS

Malware Config

Extracted

Family

darkcomet

Botnet

Work16

C2

jimmykarcter.ddnsking.com:1490

Mutex

DC_MUTEX-GLGCLP0

Attributes
  • gencode

    QaH9xjy6PUoh

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      1f4d24135ae9d20c3522988f9623529a0b1b320d4a1ab25c8fded65497bc9094

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
