General

  • Target

    303c53ba943a5dd63862c63fc486275f_JaffaCakes118

  • Size

    811KB

  • Sample

    240709-nv1vmatgph

  • MD5

    303c53ba943a5dd63862c63fc486275f

  • SHA1

    7f43b48a5da3d486bd2d3f0ac98d72c17e4383e5

  • SHA256

    93ce8882c399953b4f335d27f205a0974d738281f3e2321f94cc56004d99993c

  • SHA512

    3907813045b15785d160cb7bffdd16a99b636d3d4b58f356a69c409ca12e0187e6670c80c7344db9da440890d8b0c8a092775837e6534f088380305045586dc4

  • SSDEEP

    12288:LCCMiL/Ff0KY5nFGoPSaq15JgL41E2810334XpBTIAQO4tYqNU7jatO9yo87Iwnc:LCVW8znQoPSbGLWipiAQxYBC7IwnPy8

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
