General

  • Target

    74a9f7ac76250c6eb9d0c674a4249c92

  • Size

    426KB

  • Sample

    240125-pbjbxagbaj

  • MD5

    74a9f7ac76250c6eb9d0c674a4249c92

  • SHA1

    8c544f4df935bbb9c13e8c88359497f134e47abd

  • SHA256

    45f13c2ef9560816343176cce689c89e8a1fcd48e021b71093b56d19cb3c947b

  • SHA512

    e4476f5c1792f9361ee5f53968b3f1abbd8b012c3f0cc47580565a54b5b41d12edb29aa0cd4fbe5e08e7d20a1175b891c37e58fa908aa5737c84cbb8bbdb2d25

  • SSDEEP

    12288:6Tij6aV7gcz/cWCrR46sYjtyW3Ydi7N0+u21j6c769k:66lNcWCtpsYjtyOwgF1OK6W

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

basel1234.no-ip.biz:81

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    LSspVhv0MBT2

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Targets

    • Target

      74a9f7ac76250c6eb9d0c674a4249c92

    • Size

      426KB

    • MD5

      74a9f7ac76250c6eb9d0c674a4249c92

    • SHA1

      8c544f4df935bbb9c13e8c88359497f134e47abd

    • SHA256

      45f13c2ef9560816343176cce689c89e8a1fcd48e021b71093b56d19cb3c947b

    • SHA512

      e4476f5c1792f9361ee5f53968b3f1abbd8b012c3f0cc47580565a54b5b41d12edb29aa0cd4fbe5e08e7d20a1175b891c37e58fa908aa5737c84cbb8bbdb2d25

    • SSDEEP

      12288:6Tij6aV7gcz/cWCrR46sYjtyW3Ydi7N0+u21j6c769k:66lNcWCtpsYjtyOwgF1OK6W

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (the sample can refuse to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
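Added example (not from tria.ge or the report): the extracted config above (C2, mutex, InstallPath, reg_key) and the behavioural signatures in this Targets list (Run key, Winlogon modification, dropped EXE execution) turned into one small hunting check that runs over constructed Sysmon-style events. The event field names, the Documents base directory used in the sample events and the choice of Winlogon\Userinit as the modified value are assumptions; the C2 host, mutex name, relative install path and Run value name are the ones reported above.

```python
"""Hunt for the DarkComet IOCs extracted above in Sysmon-style host telemetry."""
from __future__ import annotations

from typing import Iterable

# Values copied from the report's extracted config. Everything else in this
# file (event schema, sample events, paths) is constructed for illustration.
CONFIG = {
    "c2": "basel1234.no-ip.biz:81",
    "mutex": "DC_MUTEX-F54S21D",
    "install_path": r"MSDCSC\msdcsc.exe",  # relative: base directory is chosen at build time
    "reg_key": "MicroUpdate",              # Run value name
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (lower-cased host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def _norm_path(p: str) -> str:
    """Case-fold and unify separators so suffix matching is robust."""
    return p.replace("/", "\\").lower()


def match_event(ev: dict, cfg: dict = CONFIG) -> list[str]:
    """Return the indicator names one event matches (empty list if benign)."""
    c2_host, _c2_port = parse_c2(cfg["c2"])
    suffix = _norm_path(cfg["install_path"])
    hits: list[str] = []
    kind = ev.get("event")
    if kind == "registry_set":
        key = _norm_path(ev.get("key", ""))
        name = ev.get("value_name", "").lower()
        data = _norm_path(ev.get("data", ""))
        # "Adds Run key to start application": value name comes from reg_key.
        if key.endswith("\\currentversion\\run") and name == cfg["reg_key"].lower():
            hits.append("run_key")
        # "Modifies WinLogon for persistence": any Winlogon value that now
        # references the install path (which value is written is an assumption).
        if "\\winlogon" in key and suffix in data:
            hits.append("winlogon")
    elif kind == "mutex_create":
        if ev.get("name") == cfg["mutex"]:
            hits.append("mutex")
    elif kind == "dns_query":
        if ev.get("query", "").lower().rstrip(".") == c2_host:
            hits.append("c2_dns")
    elif kind == "network_connect":
        # Flag any connection to the C2 host; the configured port (81) can be
        # changed without touching the dynamic-DNS name, so do not require it.
        if ev.get("dest_host", "").lower() == c2_host:
            hits.append("c2_connect")
    elif kind == "process_create":
        # "Executes dropped EXE": image ends with the relative install path.
        if _norm_path(ev.get("image", "")).endswith(suffix):
            hits.append("install_path_exec")
    return hits


def hunt(events: Iterable[dict], cfg: dict = CONFIG) -> list[tuple[int, str]]:
    """Run every event through match_event; return (event index, indicator) pairs."""
    return [(i, h) for i, ev in enumerate(events) for h in match_event(ev, cfg)]


# Constructed telemetry: the first six events mirror the sandbox signatures,
# the last two are benign noise. The Documents base directory is assumed.
_DROP = r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"
SAMPLE_EVENTS = [
    {"event": "process_create", "image": _DROP},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "MicroUpdate", "data": _DROP},
    {"event": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value_name": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe," + _DROP},
    {"event": "mutex_create", "name": "DC_MUTEX-F54S21D"},
    {"event": "dns_query", "query": "basel1234.no-ip.biz."},
    {"event": "network_connect", "dest_host": "basel1234.no-ip.biz", "dest_port": 81},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "OneDrive",
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"event": "dns_query", "query": "example.com"},
]

if __name__ == "__main__":
    for idx, indicator in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {indicator} -> {SAMPLE_EVENTS[idx]}")
```

The check pivots on the host name rather than a resolved address because no-ip.biz is dynamic DNS and the IP behind basel1234.no-ip.biz can change at any time; the install path is matched as a suffix because the report only gives the relative path MSDCSC\msdcsc.exe, not the directory the builder chose.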

MITRE ATT&CK Enterprise v15

Tasks