General

  • Target

    9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147

  • Size

    999KB

  • Sample

    221205-pcdstaha89

  • MD5

    2e2db5e73ab5e187b4ed49f0382b8b91

  • SHA1

    890531ff8a5c492a7624854dc8c124e6cf9d38ca

  • SHA256

    9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147

  • SHA512

    3ba7f26bc8f5706012301fc14f79803c0e6987d2d81680fa959fda1dcbfa060a2fee2e61fd9729ba581f08d26c484eb521a69a185c674b7dcdf7c4c55102f3bb

  • SSDEEP

    12288:M6+GEHHrs3wo5Y/FtqyNzN/0gAhqNOAk55L3KFNqxLenk:M6NEHHrs36FN/0gpNOAkAO0k

Targets

    • Target

      9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Userinit or Shell value) so that the payload is started by winlogon.exe at every interactive logon.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Checks BIOS information in registry

      BIOS version and manufacturer strings (for example under HKLM\HARDWARE\DESCRIPTION\System) are often read to detect sandboxes and virtual machines.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Adds a value under a CurrentVersion\Run key so the application is started at logon.

    • Drops file in System32 directory

      Writes a file into the System32 directory, where it blends in with operating system binaries.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is characteristic of process hollowing: a suspended process has its entry point redirected into injected code.
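
The signatures above are what a sandbox raises; on a live host the same behaviours show up in Sysmon telemetry. The script below is an added example (not tria.ge code and not derived from the sample) that walks constructed Sysmon-style events and flags Winlogon tampering, Run-key persistence, files dropped into System32 and execution of a dropped EXE. The paths, SID and value names in the event stream are invented for the example; the field names follow Sysmon's schema for EventID 1, 11 and 13.

```python
"""Triage of Sysmon-style events for the behaviours named in the signature list
above: Winlogon tampering, Run-key persistence, files dropped into System32 and
execution of a dropped EXE. Added example; the events are constructed, not
taken from the real sample, and the field names follow Sysmon's schema."""
import re
from typing import Dict, Iterable, List, Tuple

# Registry locations behind "Modifies WinLogon for persistence" and
# "Adds Run key to start application". Paths are matched after normalise_key()
# lower-cases them and collapses HKU\<SID> to hkcu.
WINLOGON_KEY_RE = re.compile(
    r"^hklm\\software\\microsoft\\windows nt\\currentversion\\winlogon$")
RUN_KEY_RE = re.compile(
    r"^(?:hklm|hkcu)\\software\\(?:wow6432node\\)?microsoft\\windows"
    r"\\currentversion\\run(?:once)?$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\.+\.(?:exe|dll)$")
HKU_SID_RE = re.compile(r"^hku\\s-1-5-[0-9-]+")

# Stock contents of the two Winlogon values most often hijacked. Anything else
# written there is launched by winlogon.exe at every interactive logon.
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe,",
    "shell": "explorer.exe",
}


def normalise_key(target_object: str) -> Tuple[str, str]:
    """Split a Sysmon TargetObject into (key path, value name), lower-cased,
    with HKU\\<SID> rewritten to hkcu so per-user keys match one pattern."""
    path = HKU_SID_RE.sub("hkcu", target_object.lower())
    key, _, value = path.rpartition("\\")
    return key, value


def scan(events: Iterable[Dict[str, object]]) -> List[Dict[str, str]]:
    """Walk events in order and emit one finding per matched behaviour.
    Files dropped into System32 are remembered so that a later ProcessCreate
    of the same path is reported as execution of a dropped EXE."""
    dropped = set()
    findings: List[Dict[str, str]] = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 13:  # RegistryEvent (Value Set)
            key, value = normalise_key(str(ev["TargetObject"]))
            details = str(ev.get("Details", "")).strip().lower()
            if WINLOGON_KEY_RE.match(key) and value in WINLOGON_DEFAULTS:
                if details != WINLOGON_DEFAULTS[value]:
                    findings.append({"tag": "winlogon_persistence",
                                     "where": str(ev["TargetObject"]),
                                     "detail": str(ev.get("Details", ""))})
            elif RUN_KEY_RE.match(key):
                findings.append({"tag": "run_key_persistence",
                                 "where": str(ev["TargetObject"]),
                                 "detail": str(ev.get("Details", ""))})
        elif eid == 11:  # FileCreate
            target = str(ev["TargetFilename"]).lower()
            if SYSTEM32_RE.match(target):
                dropped.add(target)
                findings.append({"tag": "system32_drop",
                                 "where": str(ev["TargetFilename"]),
                                 "detail": str(ev.get("Image", ""))})
        elif eid == 1:  # ProcessCreate
            image = str(ev["Image"]).lower()
            if image in dropped:
                findings.append({"tag": "executes_dropped_exe",
                                 "where": str(ev["Image"]),
                                 "detail": str(ev.get("ParentImage", ""))})
    return findings


# Constructed events in the order a dropper might produce them. The paths,
# SID and value names are invented for the example.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Windows\System32\updater\updater.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\updater\updater.exe"},
    {"EventID": 13,  # stock value re-written: not a finding
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Windows\System32\updater\updater.exe"},
    {"EventID": 13,  # unrelated key: not a finding
     "TargetObject": r"HKCU\Software\ExampleVendor\ExampleApp\LastRun",
     "Details": "20221205"},
    {"EventID": 1, "Image": r"C:\Windows\System32\updater\updater.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
]


def triage_sample() -> List[str]:
    """Tags raised by the constructed event stream, in order."""
    return [f["tag"] for f in scan(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['tag']:24} {f['where']}  <- {f['detail']}")
```

The Winlogon check compares against the stock Userinit and Shell contents rather than alerting on every write, because legitimate installers and Group Policy rewrite those values with their defaults; only a changed value is reported. Registry reads (the BIOS and country-code lookups) are not covered here because Sysmon does not log them, and SetThreadContext is only visible with an API-level monitor.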
