General

  • Target

    e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552

  • Size

    1.4MB

  • Sample

    221204-dlkf6sbd54

  • MD5

    e5aaaac2fcd910193e0e68491a549308

  • SHA1

    41a38a84a97599310e5cdacf04b16da6aded7697

  • SHA256

    e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552

  • SHA512

    cd39febbfed12dda594cd057c21c88f0a2834fed9c5efeac6b0066dd39a4111c1b10343c23bfa8bb317fbf9d22e700cbd3ebefc31ebb56dcbe12be02983b58f0

  • SSDEEP

    24576:6iC8pRuPliuuYmjBgtojHLJR533s4GoBg80IaKqVrS7i0ZESx3Y:6YpUPliuuYYutoTLJR533SoBg8bqxSJG

Score
10/10

Targets

    • Target

      e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552

    Score
    10/10
    • DarkComet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
