General

  • Target

    999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605

  • Size

    1.3MB

  • Sample

    221126-a4qt5add5z

  • MD5

    0ca617961ceb2d4af6d3236678929fa3

  • SHA1

    cd4f3061fe03338d12020d57ad30f916e410abc5

  • SHA256

    999edb0663eadfc252ed4223956c0ff20d976165e9c722eb6d4ff4e27f5eb605

  • SHA512

    bc22301ab9c50a0bc4fbb6777813d990d5d703b9baac6ecf1badfab82a81021e03af10bdb7955589f3c3b72ff0b6adc2dcf670cd9881e73fb254e92ed0d82f41

  • SSDEEP

    24576:f2O/GluCNRbvqYRYIdpbweMK5bBWQtMXC6kK7g6zwm4m53Sb2M:HwRbSYmIXMeMuMuMX7kK5kFm53SyM

Malware Config

Extracted

Family

darkcomet

Botnet

Steve

C2

slowburn.linkpc.net:6831

Mutex

DC_MUTEX-A54SB6Z

Attributes

  • gencode

    VPCWgaglFLx7

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6