Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f

  • Size

    1.3MB

  • Sample

    221127-bmrkrshg67

  • MD5

    826524e401929fbfd99e5673645409ba

  • SHA1

    eccefa5723029b948cbdd2b3a73043d698225c58

  • SHA256

    c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f

  • SHA512

    3245f5901b8c0f26af74c81323ab9e7eb5796370292c4434b73a55a69acff8a93b6486703271bbfeb14e5efdda6173c4371fab81ef5890bd11c9bae4bef66e77

  • SSDEEP

    24576:LSQR4/RS1aLniNRAGmhXpZLB082X2osKR8vzQfP1qCdRAR90D3c0HbWal5ho5tP/:+QR4JSgLn+iJ28Kr/6QfP1/AR90jHbbS

Malware Config

Targets

    • Target

      c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f

    • Size

      1.3MB

    • MD5

      826524e401929fbfd99e5673645409ba

    • SHA1

      eccefa5723029b948cbdd2b3a73043d698225c58

    • SHA256

      c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f

    • SHA512

      3245f5901b8c0f26af74c81323ab9e7eb5796370292c4434b73a55a69acff8a93b6486703271bbfeb14e5efdda6173c4371fab81ef5890bd11c9bae4bef66e77

    • SSDEEP

      24576:LSQR4/RS1aLniNRAGmhXpZLB082X2osKR8vzQfP1qCdRAR90D3c0HbWal5ho5tP/:+QR4JSgLn+iJ28Kr/6QfP1/AR90jHbbS

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks