General

  • Target: bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a
  • Size: 1.1MB
  • Sample: 221128-fcfsqsbd71
  • MD5: c3e725e101429c8f5fa63ebff8a0aa5d
  • SHA1: 4bdc369996484bd52519c00f48d320ba127ec627
  • SHA256: bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a
  • SHA512: 8677dab9c79d4f333bd5a953d532bd4405dfd14b14ae93bae74dad769e5cf6a599f4abf2da94ea7a75843800bf747bb82a8972d4ff8260bfa60efb63a06a23f4
  • SSDEEP: 24576:Fw1+mpzx/blZuPqIWt6OiiUfUqO/aQXfiqgzHfbUsq4qSRZ6A:Fw1Dp1/blZuq56aUfUqOjfP8Lq4qm

Malware Config

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Executes dropped EXE
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks