General

  • Target

    c1c6c201307242638ffc788b552d21bd

  • Size

    324KB

  • Sample

    240311-2hlrtsgd2x

  • MD5

    c1c6c201307242638ffc788b552d21bd

  • SHA1

    e95c3964616350e2a3a4befcb1161f81ccc862b0

  • SHA256

    4a2e8d14e328f85caabf161fa5a0d93923ca1b21e68504203b1eafd7356f6eae

  • SHA512

    67ff40c06ca90676197ee159f4a8ec6522f61e76a1842e5671b4c1b0a8a3c752772392352a4560116d038fa9c8063af427014643f1e6cbcbd725f39f7a58da66

  • SSDEEP

    3072:LiU+USlfpCOiCh5CvANNuij7uIPeYbRcnbbkkwqzd3+haW1oGUEpKR8JjuQsi2x2:KdRiQxNNuEPeY1kf8L1XU7m2Ut4ZU

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Zeuses

  • C2

    ds.hsbc.com.al:1604

    ds.fbi.al:1604

  • Mutex

    DC_MUTEX-M0J2EA1

  • Attributes

    • gencode

      3GfsH989aKxQ

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      c1c6c201307242638ffc788b552d21bd

    • Size

      324KB

    • MD5

      c1c6c201307242638ffc788b552d21bd

    • SHA1

      e95c3964616350e2a3a4befcb1161f81ccc862b0

    • SHA256

      4a2e8d14e328f85caabf161fa5a0d93923ca1b21e68504203b1eafd7356f6eae

    • SHA512

      67ff40c06ca90676197ee159f4a8ec6522f61e76a1842e5671b4c1b0a8a3c752772392352a4560116d038fa9c8063af427014643f1e6cbcbd725f39f7a58da66

    • SSDEEP

      3072:LiU+USlfpCOiCh5CvANNuij7uIPeYbRcnbbkkwqzd3+haW1oGUEpKR8JjuQsi2x2:KdRiQxNNuEPeY1kf8L1XU7m2Ut4ZU

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks