Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

b0e16530a0...74.exe

windows7-x64

10

b0e16530a0...74.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874

  • Size

    514KB

  • Sample

    221201-jyk65ada6v

  • MD5

    db3160e357420f805f554a593171eaf1

  • SHA1

    f7b3bca65953e9f9965634e778c95af250d585c3

  • SHA256

    b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874

  • SHA512

    a3e80b118129f9cd8a2e0eadb186455ce44cf1eeb4f3c292d692922af762702cda0077862e8b1a5c7fcac43d60e2b8a71a2713927870c3c35e34957737528170

  • SSDEEP

    12288:/YQpuKMf6NF5s/GA34LzKtDzNZbNlZlb5uplce:LuKMf6D54F34LevbNl75uT

Score
10/10
darkcometmalayevasionpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

malay

C2

myzaki.zapto.org:80

myzaki.zapto.org:81

myzaki.zapto.org:82

myzaki.zapto.org:83

myzaki.zapto.org:84

myzaki.zapto.org:85

myzaki.zapto.org:5050
Mutex

DC_MUTEX-LF08XVX

Attributes
  • InstallPath

    skype\skype.exe

  • gencode

    krp31zzMQMFc

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    Skype

Targets

    • Target

      b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874

    • Size

      514KB

    • MD5

      db3160e357420f805f554a593171eaf1

    • SHA1

      f7b3bca65953e9f9965634e778c95af250d585c3

    • SHA256

      b0e16530a02eb2bd0b90e5eea863494c26731980ac3a16bd6727e991e7a48874

    • SHA512

      a3e80b118129f9cd8a2e0eadb186455ce44cf1eeb4f3c292d692922af762702cda0077862e8b1a5c7fcac43d60e2b8a71a2713927870c3c35e34957737528170

    • SSDEEP

      12288:/YQpuKMf6NF5s/GA34LzKtDzNZbNlZlb5uplce:LuKMf6D54F34LevbNl75uT

    Score
    10/10
    darkcometmalayevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks