General

  • Target: 94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
  • Size: 758KB
  • Sample: 221201-zrqq2aah27
  • MD5: 97c9689e3b5ea8f15fbcf2919038e02b
  • SHA1: 2aa3bd0c36cc22de727f32e51b0098e9283dc2e8
  • SHA256: 94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
  • SHA512: c859a61666ac338802217709f26a24f3ea76f96e7a67e5b95b0e4a0fd143d09b6a9d9b3948c1eb0ae8325aff4c8e8a86176950d5c2b20b34c0b6b01ac95725ac
  • SSDEEP: 12288:76lOwG2qPnAknEHZCX2N0K4AivtYRiSVXWMMkNV4mAPKmT9YCBBJFihR0ltqeIi:QOr2qPXUCX2NlR6uRiqWbAVPAPZYCBzz

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-R3938ZJ

Attributes

  • gencode: pjduwzHB2Fki
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks