General

  • Target: 1f4d24135ae9d20c3522988f9623529a0b1b320d4a1ab25c8fded65497bc9094
  • Size: 1.7MB
  • Sample: 221126-2p79eaah77
  • MD5: 2387eb39ea6d9b53dc2a70ac836d9638
  • SHA1: 8780a3b880ec482f7a63a40aa3f01b15ad47bc81
  • SHA256: 1f4d24135ae9d20c3522988f9623529a0b1b320d4a1ab25c8fded65497bc9094
  • SHA512: 24ce82fc4da5f9caf98c53197200191d48acd18c468367631236f38c80a9fca4611d4192d522a1e90a68faef368c92c573f6e3c07a84cd3de0a21277f2d00d71
  • SSDEEP: 24576:M4lavt0LkLL9IMixoEgeaP60tmf9auZwjkiRik97PeBpgBNbam01hO3aq9MmCS:bkwkn9IMHeaP6df8uJiD7WWHqEqaPCS

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Work16
  • C2: jimmykarcter.ddnsking.com:1490
  • Mutex: DC_MUTEX-GLGCLP0

Attributes

  • gencode: QaH9xjy6PUoh
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
