General

  • Target

    a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02

  • Size

    820KB

  • Sample

    221205-mezf7aae74

  • MD5

    4408d904c304c3becc5b3f28b9fd2b62

  • SHA1

    741db1ee6c9dd4daa862c531d4194b2745aa2789

  • SHA256

    a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02

  • SHA512

    ac8b1be8f655a8e9e1084c63b6677de0b21d515fb07d8e09e43f8f4135532561adf703e71348ff6375eb68697170c6044c7a59fb8227bb9b1dababba6db9fa32

  • SSDEEP

    12288:xMrCcQ74kKTUtCkUAlnw8Do0WtJKQV5hcJzkOjsJ7KYk62c5iCCMDGBpU2Uq:684kbUAlnw8DoD2Q7LmT6LiCnGBpkq

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks