Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d2c2064eb6a9cd1bfb734e2f97ecb73ac5331a43988d0408e0aec167c39fb420
-
Size
498KB
-
Sample
221203-esp6nsdc39
-
MD5
1bddf9a06684a1cf0d88dacdf407fc20
-
SHA1
a6d1769c6e15a82434913476dac42d90a3ae3b43
-
SHA256
d2c2064eb6a9cd1bfb734e2f97ecb73ac5331a43988d0408e0aec167c39fb420
-
SHA512
5b02a92e8e67b5e74f0ba7838b708cfd3cebc8e754345351d5bfaf68e44a6b4498cef6461358355f25d42e4f75fb40b6bc59cd368f0945af5145b1986f52dd21
-
SSDEEP
12288:ch5C8uBkFzIkjFNT9RA73gTSZv7xbVxCfk7Kl0ywos:GiZkx996LM+7Z4WKl0yx
Malware Config
Extracted
darkcomet
313
samantha.servebeer.com:1604
DC_MUTEX-61Q6CYX
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
cbF34c47laEA
-
install
true
-
offline_keylogger
false
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
d2c2064eb6a9cd1bfb734e2f97ecb73ac5331a43988d0408e0aec167c39fb420
-
Size
498KB
-
MD5
1bddf9a06684a1cf0d88dacdf407fc20
-
SHA1
a6d1769c6e15a82434913476dac42d90a3ae3b43
-
SHA256
d2c2064eb6a9cd1bfb734e2f97ecb73ac5331a43988d0408e0aec167c39fb420
-
SHA512
5b02a92e8e67b5e74f0ba7838b708cfd3cebc8e754345351d5bfaf68e44a6b4498cef6461358355f25d42e4f75fb40b6bc59cd368f0945af5145b1986f52dd21
-
SSDEEP
12288:ch5C8uBkFzIkjFNT9RA73gTSZv7xbVxCfk7Kl0ywos:GiZkx996LM+7Z4WKl0yx
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-