General

  • Target

    7467600344ecd69e3b51b02ff361c880

  • Size

    1.9MB

  • Sample

    240125-l26y4sebcr

  • MD5

    7467600344ecd69e3b51b02ff361c880

  • SHA1

    aca0a966cc25accdb18db700be03ed8aa7d2b4b2

  • SHA256

    9d5a84fe325937581908b7795d4953678d709d7317de7da4e9c0736a3e0ff513

  • SHA512

    d7d2eb85d715ce4276f4b1fced95727ff9615b5cbc87790de5b63b426cc42b9ffe451b373962a21cd2ccfc4aa78ac3e8870f16f1dc945424642920b1ecab6053

  • SSDEEP

    49152:/JZoQrbTFZY1iaY61p3Faa3swyymhOzFv+p8YL6fjzMVrs1Ko0AZWZ:/trbTA1TBWtGLiYiV

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

davidcz.no-ip.org:1604

Mutex

DC_MUTEX-76KHYQT

Attributes
  • gencode

    EiNiCx44oAXb

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
