Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f
-
Size
1.3MB
-
Sample
221127-bmrkrshg67
-
MD5
826524e401929fbfd99e5673645409ba
-
SHA1
eccefa5723029b948cbdd2b3a73043d698225c58
-
SHA256
c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f
-
SHA512
3245f5901b8c0f26af74c81323ab9e7eb5796370292c4434b73a55a69acff8a93b6486703271bbfeb14e5efdda6173c4371fab81ef5890bd11c9bae4bef66e77
-
SSDEEP
24576:LSQR4/RS1aLniNRAGmhXpZLB082X2osKR8vzQfP1qCdRAR90D3c0HbWal5ho5tP/:+QR4JSgLn+iJ28Kr/6QfP1/AR90jHbbS
Malware Config
Targets
-
-
Target
c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f
-
Size
1.3MB
-
MD5
826524e401929fbfd99e5673645409ba
-
SHA1
eccefa5723029b948cbdd2b3a73043d698225c58
-
SHA256
c8be4bba9389e78ff09045395e9525199b10b7793f5403f818e2657c95dbf44f
-
SHA512
3245f5901b8c0f26af74c81323ab9e7eb5796370292c4434b73a55a69acff8a93b6486703271bbfeb14e5efdda6173c4371fab81ef5890bd11c9bae4bef66e77
-
SSDEEP
24576:LSQR4/RS1aLniNRAGmhXpZLB082X2osKR8vzQfP1qCdRAR90D3c0HbWal5ho5tP/:+QR4JSgLn+iJ28Kr/6QfP1/AR90jHbbS
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-