General

  • Target: e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
  • Size: 700KB
  • Sample: 221206-vabtbsef89
  • MD5: bdf17ff679149c3b8149bb9a7f5b882c
  • SHA1: 1778fc7682d99c896da7e27328901a64763df2a3
  • SHA256: e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
  • SHA512: 19d27751fe0e35891173eef586247f67de15b75b0a659e52609dc31c0e0e760f4ad5f3242ca867d1760bb42f3ef9911c1bc1289e412c7e491986a9d8208797a2
  • SSDEEP: 12288:vbKlFwfZCvqTtABYhuQF0bFtNU9jPldHNnJ9Is7rG5C37TZHXxFnrxO+uNUqx:vb4wfZdTts8uQeuJR8d5uTrZA/x

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks