General

  • Target

    easy_Malicious_18002e1b1d29f91ca895ea6ed641bda48f9d8f7b596e4642122dfca1b7a6c34c.exe

  • Size

    658KB

  • Sample

    230704-sk93rsga7t

  • MD5

    4929db096defe721914b1faf417aab61

  • SHA1

    f8da6a23e153f40c8a89f20c5ea857ffbebf1fab

  • SHA256

    ae4fa42de7213a4504a26549a101a884708328987618b4d63725d4504471cddc

  • SHA512

    347e073cb104aa90e8662dd54ca373d8020975206ed36426f822d95efce3846319435155268d4821cc4f6cbba1248657154780593623771cc65ba1a66f38f0b0

  • SSDEEP

    12288:29HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFF:SiBIGkbxqEcjsWiDxguehC2SW

Score
10/10

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    All

  • C2

    192.168.41.1:1604

  • Mutex

    DC_MUTEX-47UZCQB

Attributes

  • gencode

    Fp87tWpxW5mD

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks