General

  • Target

    e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b

  • Size

    749KB

  • Sample

    221205-hcr7wadg52

  • MD5

    0fa0bc909e6d9e0bb7e698218d120876

  • SHA1

    497f99755892941b0633f1d8832a148829181903

  • SHA256

    e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b

  • SHA512

    1b16a3b25265c58adf10791058dff9d70170dcf87e6a442d565c152f18546273551b26b961d02214223be8629f36094c41b6f1d6353c62b93dce71d6fa6d460b

  • SSDEEP

    12288:l9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ56hyF:vZ1xuVVjfFoynPaVBUR8f+kN10EB0s

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    HF

  • C2

    kwuized.no-ip.org:1337

  • Mutex

    DC_MUTEX-QV66CVE

Attributes

  • InstallPath

    java32\java.exe

  • gencode

    5lCMhl74ZrH0

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    java

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
