General

  • Target

    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

  • Size

    659KB

  • Sample

    221129-tgp4vsdd97

  • MD5

    25c15339a4bc59109a702aea175a4278

  • SHA1

    b7f42b8830b228e3af0210f7fea252430eaaefe3

  • SHA256

    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

  • SHA512

    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

  • SSDEEP

    12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKg:XAQ6Zx9cxTmOrucTIEFSpOG1

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Changes a Winlogon registry value (typically Userinit or Shell) so the payload is launched at every interactive logon.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS vendor/version strings in the registry are often read to detect sandboxes and virtual machines.

    • Checks computer location settings

      Reads the country code configured in the registry, likely to geofence execution to or away from particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      SetThreadContext called on another process's thread is commonly the step that redirects execution in process hollowing and similar injection techniques.
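The two registry-write signatures above (Winlogon modification and Run key addition) can be reproduced outside the sandbox from endpoint telemetry. The following is an added example, not code from tria.ge or from the DarkComet sample; it assumes Sysmon-style registry value-set events (Event ID 13 with TargetObject/Details/Image fields) and stock Winlogon defaults, and all sample events are constructed.

```python
import re

# Stock Windows values for the two Winlogon entries malware commonly hijacks
# (assumption: default x64 install; adjust for your gold image).
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}

WINLOGON_RE = re.compile(
    r"\\microsoft\\windows nt\\currentversion\\winlogon\\(userinit|shell)$", re.I)
RUN_RE = re.compile(
    r"\\microsoft\\windows\\currentversion\\(run|runonce)\\([^\\]+)$", re.I)
# Paths a non-admin user can write to; a Run entry pointing there is more suspicious.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|users\\[^\\]+\\downloads)\\", re.I)


def _normalize(data):
    # Winlogon values are comma-separated lists; drop case, whitespace and a
    # trailing separator so "explorer.exe," and "explorer.exe" compare equal.
    return data.strip().lower().rstrip(",")


def classify_registry_write(target_object, details, image=""):
    """Map one registry value write to a sandbox-style signature name.

    Returns (signature, severity, reason) or None when the write is benign.
    Field names follow Sysmon Event ID 13 (RegistryEvent: Value Set).
    """
    m = WINLOGON_RE.search(target_object)
    if m:
        name = m.group(1).lower()
        if _normalize(details) != WINLOGON_DEFAULTS[name]:
            return ("Modifies WinLogon for persistence", "high",
                    f"{name} set to {details!r} by {image or 'unknown'}")
        return None  # value rewritten to its default, e.g. by an installer
    m = RUN_RE.search(target_object)
    if m:
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        return ("Adds Run key to start application", severity,
                f"{m.group(1)}\\{m.group(2)} -> {details!r} by {image or 'unknown'}")
    return None


def triage_events(events):
    """Run the classifier over a list of Sysmon-like event dicts."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:   # only value-set events carry Details
            continue
        hit = classify_registry_write(ev["TargetObject"], ev["Details"], ev.get("Image", ""))
        if hit:
            findings.append(hit)
    return findings


# Constructed sample telemetry (hypothetical paths, not from the report above).
DROPPED = r"C:\Users\victim\AppData\Roaming\updater.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe," + DROPPED},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROPPED},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 12, "Image": DROPPED,
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for sig, sev, why in triage_events(SAMPLE_EVENTS):
        print(f"[{sev}] {sig}: {why}")
```

Only the write-side signatures are covered: the BIOS and country-code checks are registry reads, which Sysmon does not log, so those need an API-level hook or the sandbox itself.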
