General

  • Target

    ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60

  • Size

    970KB

  • Sample

    221201-yazryagg41

  • MD5

    888e2ff3d438e24c124f34ee8de2052e

  • SHA1

    a873698e0f13d70bfaf4b8b7021d3dca48302b2a

  • SHA256

    ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60

  • SHA512

    1283a679c6ee1b872b8b600c928846923707623ca8489143b50c6aa2f25cf5d0aa51c400c1d8264d044cb47fa500b46240da3c394d739ca2fb5ee4932e5c2a75

  • SSDEEP

    24576:obbVYk0jqnKXkecg7Xocte+7snYdXwZwj:obbwzUsrGWj

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    DC

  • C2

    WalruusHOST.NO-IP.biz:200

  • Mutex

    DC_MUTEX-0HZFGFD

  • Attributes

      • gencode

        pynuhxnShyEp

      • install

        false

      • offline_keylogger

        true

      • persistence

        false
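The Extracted block above is what a configuration extractor recovers from the sample's embedded build settings. The following is an added example written for this page, not Triage's extractor or any code from the malware author: it decrypts a DarkComet DCDATA blob with the static RC4 keys the family is known to use, parses the KEY={value} lines and maps them onto the field names used in this report. The key list and the line layout follow the publicly documented DarkComet extractors; the mapping of raw keys onto the report's attribute names, the SAMPLE_BLOB (constructed here from the values on this page, not the real resource of this sample) and the optional pefile-based extract_dcdata helper are this example's own assumptions.

```python
"""Recover a DarkComet build config and map it to the report fields above.

DarkComet keeps its configuration in an RCDATA resource named DCDATA, RC4-
encrypted with a static, version-specific key. Keys and KEY={value} layout
follow the publicly documented extractors; the mapping onto the report's
attribute names (SID -> Botnet, NETDATA -> C2, OFFLINEK -> offline_keylogger,
PERSINST -> persistence) is this example's assumption. SAMPLE_BLOB is
constructed from the report values, not taken from sample ad756688...
"""
from typing import Dict, List, Optional

# Static RC4 keys used by DarkComet builders, newest first.
DARKCOMET_KEYS: List[bytes] = [
    b"#KCMDDC51#-890",   # 5.1 / 5.3
    b"#KCMDDC5#-890",    # 5.0
    b"#KCMDDC42F#-890",  # 4.2f
    b"#KCMDDC42#-890",   # 4.2
    b"#KCMDDC2#-890",    # 2.x / 3.x
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_config(blob: bytes) -> Optional[bytes]:
    """Try each known key; keep the first plaintext that looks like a config."""
    for key in DARKCOMET_KEYS:
        plain = rc4(key, blob)
        if b"MUTEX={" in plain and b"NETDATA={" in plain:
            return plain
    return None  # unknown key, or not a DarkComet DCDATA blob


def parse_config(plain: bytes) -> Dict[str, str]:
    """Turn KEY={value} lines into a dict; marker and malformed lines are skipped."""
    cfg: Dict[str, str] = {}
    for line in plain.decode("latin-1").splitlines():
        line = line.strip()
        if "={" in line and line.endswith("}"):
            key, value = line.split("={", 1)
            cfg[key] = value[:-1]
    return cfg


def to_report(cfg: Dict[str, str]) -> Dict[str, object]:
    """Project raw keys onto the report's field names (assumed mapping)."""
    def flag(key: str) -> bool:
        return cfg.get(key, "0") == "1"
    return {
        "family": "darkcomet",
        "botnet": cfg.get("SID", ""),
        "c2": [h for h in cfg.get("NETDATA", "").split("|") if h],  # '|' separated hosts
        "mutex": cfg.get("MUTEX", ""),
        "gencode": cfg.get("GENCODE", ""),
        "install": flag("INSTALL"),
        "offline_keylogger": flag("OFFLINEK"),
        "persistence": flag("PERSINST"),
    }


def extract_dcdata(path: str) -> Optional[bytes]:
    """Pull the DCDATA resource out of a PE on disk (needs the pefile package)."""
    import pefile  # third-party; only needed for real samples, not for the demo
    pe = pefile.PE(path)
    if not hasattr(pe, "DIRECTORY_ENTRY_RESOURCE"):
        return None
    for rtype in pe.DIRECTORY_ENTRY_RESOURCE.entries:      # type level (RCDATA)
        for res in rtype.directory.entries:                  # name level
            if res.name is not None and str(res.name) == "DCDATA":
                leaf = res.directory.entries[0].data.struct  # first language entry
                return pe.get_data(leaf.OffsetToData, leaf.Size)
    return None


# Constructed plaintext using the values from this report (not the real resource).
SAMPLE_PLAINTEXT = b"\r\n".join([
    b"#BEGIN DARKCOMET DATA --",
    b"MUTEX={DC_MUTEX-0HZFGFD}",
    b"SID={DC}",
    b"NETDATA={WalruusHOST.NO-IP.biz:200}",
    b"GENCODE={pynuhxnShyEp}",
    b"INSTALL={0}",
    b"OFFLINEK={1}",
    b"PERSINST={0}",
    b"#EOF DARKCOMET DATA --",
])
SAMPLE_BLOB = rc4(DARKCOMET_KEYS[0], SAMPLE_PLAINTEXT)  # as a 5.1 builder would store it


def demo(blob: bytes = SAMPLE_BLOB) -> Optional[Dict[str, object]]:
    """Full pipeline: decrypt -> parse -> report fields. None if no key fits."""
    plain = decrypt_config(blob)
    return None if plain is None else to_report(parse_config(plain))


if __name__ == "__main__":
    print(demo())
```

For a real file, `demo(extract_dcdata("sample.exe"))` replaces the constructed blob; a `None` result means either a builder version with a key not in the list or a sample that is not DarkComet, so the fallback across keys is deliberate rather than assuming the 5.1 key.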

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
