General

  • Target

    6066cfb29d30fcfd378756689356a17b_JaffaCakes118

  • Size

    991KB

  • Sample

    240720-3dk56ssaqr

  • MD5

    6066cfb29d30fcfd378756689356a17b

  • SHA1

    0a4b8853dd77b40337b72a86fd442fdc140536cb

  • SHA256

    2dd2c91ea40de217bffbdb19e486ca7ee4982899629547e7ce99dbf78227bf3e

  • SHA512

    4ba4bf6ab166a6a2783b4233f5f960840af76d392fb0569e7332c8fedf86107d78866cf27545736bc0db6be2dd11da87d2e665278a9471e4d4424046a0cfad7f

  • SSDEEP

    24576:jv/3dAziFlchLJx3lrJSK1F3GbnX2bV8tSyh7T:7Pmi0VJGbnX2ZISyh7

Malware Config

Extracted

Family

darkcomet

Botnet

TLTK beta

C2

doggy55.no-ip.biz:100

Mutex

DC_MUTEX-KB7PYAN

Attributes
  • gencode

    n2WR1MWQbhwe

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6066cfb29d30fcfd378756689356a17b_JaffaCakes118

    • Size

      991KB

    • MD5

      6066cfb29d30fcfd378756689356a17b

    • SHA1

      0a4b8853dd77b40337b72a86fd442fdc140536cb

    • SHA256

      2dd2c91ea40de217bffbdb19e486ca7ee4982899629547e7ce99dbf78227bf3e

    • SHA512

      4ba4bf6ab166a6a2783b4233f5f960840af76d392fb0569e7332c8fedf86107d78866cf27545736bc0db6be2dd11da87d2e665278a9471e4d4424046a0cfad7f

    • SSDEEP

      24576:jv/3dAziFlchLJx3lrJSK1F3GbnX2bV8tSyh7T:7Pmi0VJGbnX2ZISyh7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
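The extracted config above (C2 `doggy55.no-ip.biz:100`, mutex `DC_MUTEX-KB7PYAN`, the file hashes) and the two behaviour signatures are the indicators a responder would turn into detection logic. The script below is an added example, not part of the tria.ge report and not DarkComet's or tria.ge's code: it matches those indicators against constructed Sysmon-style JSON event lines (not real logs). Two things in it are assumptions rather than facts from the report: the generic `DC_MUTEX-` plus seven alphanumerics pattern for other DarkComet builds, and the event field names. Note that the config reports `install` and `persistence` as `false` while the sandbox still flagged a Run-key write, so the Run-key rule is kept as a separate, weaker signal rather than folded into the DarkComet verdict.

```python
"""Match the indicators from this tria.ge report against endpoint telemetry.

Added example, not part of the tria.ge report or of DarkComet. The event
records are constructed to resemble Sysmon-style JSON lines; they are not
real logs. The generic DC_MUTEX- pattern is an assumption about other
DarkComet builds, not something the report states.
"""
import json
import re
from collections import defaultdict

# Indicators copied from the report (extracted config and file hashes).
IOC = {
    "c2_host": "doggy55.no-ip.biz",
    "c2_port": 100,
    "mutex": "DC_MUTEX-KB7PYAN",
    "sha256": "2dd2c91ea40de217bffbdb19e486ca7ee4982899629547e7ce99dbf78227bf3e",
    "md5": "6066cfb29d30fcfd378756689356a17b",
}

# Assumption: other DarkComet builds keep the same prefix with a different suffix.
DARKCOMET_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")
# Any value written under a ...\CurrentVersion\Run\ key (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)

# Constructed telemetry (not real logs), one JSON object per line.
SAMPLE_EVENTS = r"""
{"event": "process_create", "pid": 4120, "image": "C:\\Users\\v\\Downloads\\invoice.exe", "sha256": "2dd2c91ea40de217bffbdb19e486ca7ee4982899629547e7ce99dbf78227bf3e"}
{"event": "mutex_create", "pid": 4120, "name": "DC_MUTEX-KB7PYAN"}
{"event": "dns_query", "pid": 4120, "query": "doggy55.no-ip.biz"}
{"event": "network_connect", "pid": 4120, "dst_host": "doggy55.no-ip.biz", "dst_port": 100}
{"event": "registry_set", "pid": 4120, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate", "data": "C:\\Users\\v\\Downloads\\invoice.exe"}
{"event": "mutex_create", "pid": 7788, "name": "DC_MUTEX-ZZ9AB12"}
{"event": "process_create", "pid": 5000, "image": "C:\\Windows\\System32\\notepad.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
{"event": "dns_query", "pid": 5000, "query": "www.example.com"}
"""


def check_event(ev):
    """Return a list of (rule, detail) pairs for one parsed event."""
    hits = []
    kind = ev.get("event")
    if kind == "process_create":
        if ev.get("sha256", "").lower() == IOC["sha256"]:
            hits.append(("known_sample_hash", ev["sha256"]))
    elif kind == "mutex_create":
        name = ev.get("name", "")
        if name == IOC["mutex"]:
            hits.append(("darkcomet_mutex_exact", name))
        elif DARKCOMET_MUTEX_RE.match(name):
            hits.append(("darkcomet_mutex_pattern", name))
    elif kind == "dns_query":
        if ev.get("query", "").lower() == IOC["c2_host"]:
            hits.append(("c2_dns", ev["query"]))
    elif kind == "network_connect":
        if (ev.get("dst_host", "").lower() == IOC["c2_host"]
                and ev.get("dst_port") == IOC["c2_port"]):
            hits.append(("c2_connect", f'{ev["dst_host"]}:{ev["dst_port"]}'))
    elif kind == "registry_set":
        if RUN_KEY_RE.search(ev.get("key", "")):
            hits.append(("run_key_persistence", ev["key"]))
    return hits


def scan(events_text):
    """Parse JSON lines and group rule hits by pid; blank or malformed lines are skipped."""
    by_pid = defaultdict(list)
    for line in events_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for hit in check_event(ev):
            by_pid[ev.get("pid")].append(hit)
    return dict(by_pid)


def verdict(by_pid):
    """A pid with a hash, mutex or C2 hit is 'darkcomet'; a lone Run-key write is only 'suspicious'."""
    strong = {"known_sample_hash", "darkcomet_mutex_exact",
              "darkcomet_mutex_pattern", "c2_dns", "c2_connect"}
    return {pid: ("darkcomet" if {r for r, _ in hits} & strong else "suspicious")
            for pid, hits in by_pid.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for pid, label in verdict(hits).items():
        print(pid, label, sorted({r for r, _ in hits[pid]}))
```

The C2 is a no-ip.biz dynamic DNS name, so the resolved address can change between runs; matching on the hostname in DNS and connection events is more durable than pinning the IP seen in one sandbox run. Match the MD5/SHA256 only as a confirmation of this exact file: a rebuilt DarkComet stub keeps the mutex and C2 but has entirely different hashes.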

MITRE ATT&CK Enterprise v15

Tasks