General

  • Target

    c8235cf09120c1bf9a5c6caf885c1784178e4c30e9eef2d274902b32e0fc265a

  • Size

    389KB

  • Sample

    221203-qlr78sgg2s

  • MD5

    eae6b37b6242cdeba60fd04f4d09dc8b

  • SHA1

    2a487a88a9a8f3663ed0f2a5d562af424b7bff21

  • SHA256

    c8235cf09120c1bf9a5c6caf885c1784178e4c30e9eef2d274902b32e0fc265a

  • SHA512

    76a69134b147535e88a7b58f59cd19efa0711f64181b0b0feff657ba993a2e33c4084ed6cd4728646403f4c7762afe47b4b031ddd0fb47085c27f859393e7c3d

  • SSDEEP

    6144:XEk6v38qdv4A9sE2bLutpL9v++JQegpbtKHWIhQFLfjWUkgd2d2NTAreVRcNoO:XEJ8qdgAIuwY/mcQxfjWUPFNcr0J

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    nicksrat.no-ip.biz:1604

  • Mutex

    DC_MUTEX-H7FLLF9

  • Attributes

    • gencode

      t4wBhiJiyE7T

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks