General

  • Target

    c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d

  • Size

    744KB

  • Sample

    221201-lzr26sgb44

  • MD5

    ec9b8f4b0af5befd5558ffeb0ecc88a6

  • SHA1

    9bb0f2e8322288ed4e2612496d7de2340dcb5173

  • SHA256

    c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d

  • SHA512

    6cd1a68c677ecf120c023ed274cbf12977e86a1e593021964bbae51638b8daa71ee451ab859a7ca521a29f71706892549b1db2440f5f7cf21e0ec104cb4e4137

  • SSDEEP

    12288:z8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixW:QUKoN0bUxgGa/pfBHDb+y1HgZ

Targets

    • Target

      c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
