General

  • Target

    633ea3f02e5af0b944e262579a0bd104_JaffaCakes118

  • Size

    960KB

  • Sample

    240722-p26j5ayfpp

  • MD5

    633ea3f02e5af0b944e262579a0bd104

  • SHA1

    f026dab6d57a0c91fc50426ad6eb302df3ade9cf

  • SHA256

    2c4ec961cbfbd97190b73e8825c3326f343f0efcfea615fb88f7de48ff693b7f

  • SHA512

    e81bbf4cf79a4d01dcb98d43e9c3ca20b118eda23d5b2567017df1f95302c92cef12ff133ef580418a9196a881321fa1cca68990b0da19521f0e2647b8793a04

  • SSDEEP

    24576:QnHwA5D5D+iR6zhgqEgPjpdsUowULHGiYKm8:KV7LkCUoNHc8

Malware Config

Targets

    • Target

      633ea3f02e5af0b944e262579a0bd104_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
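The SetThreadContext signature is rarely about the one call. It matters when it follows CreateProcess with CREATE_SUSPENDED and writes into that child, because that is how process hollowing redirects the suspended child's entry point before ResumeThread starts it. As an added example (not tria.ge's signature logic), the detector below applies that sequence rule to an API-call trace. The trace format ("pid, api, key=value args"), the pids and the paths are constructed for the example and are not output of any real tool.

```python
"""Detect the process-hollowing call sequence behind a "Suspicious use of SetThreadContext"
hit in an API-call trace (added example, not tria.ge's signature implementation)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace in a hypothetical "pid<TAB>api<TAB>k=v ..." format.
# Three cases: a hollowing chain (1200 -> 1344), a benign suspended spawn that is
# simply resumed (2500 -> 2600), and a SetThreadContext from a process that never
# spawned the target (3000), as a debugger would issue.
SAMPLE_TRACE = """\
1200\tCreateProcessW\tapp=C:\\Windows\\System32\\svchost.exe flags=0x4 child=1344 thread=1348
1200\tNtUnmapViewOfSection\ttarget=1344
1200\tVirtualAllocEx\ttarget=1344 size=0x6000
1200\tWriteProcessMemory\ttarget=1344 size=0x400
1200\tWriteProcessMemory\ttarget=1344 size=0x5c00
1200\tSetThreadContext\ttarget=1344 thread=1348
1200\tResumeThread\ttarget=1344 thread=1348
2500\tCreateProcessW\tapp=C:\\Tools\\child.exe flags=0x4 child=2600 thread=2604
2500\tResumeThread\ttarget=2600 thread=2604
3000\tSetThreadContext\ttarget=3001 thread=3002
"""


@dataclass
class HollowState:
    parent: int
    created_suspended: bool = False
    writes: int = 0
    context_set: bool = False
    resumed: bool = False
    apis: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Tuple[int, str, Dict[str, str]]]:
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) < 2:
        return None
    args: Dict[str, str] = {}
    if len(parts) == 3:
        for token in parts[2].split():
            if "=" in token:
                k, v = token.split("=", 1)
                args[k] = v
    return int(parts[0]), parts[1], args


def detect_hollowing(trace: str) -> List[Dict[str, object]]:
    """Flag child pids that saw CREATE_SUSPENDED -> remote write -> SetThreadContext -> ResumeThread,
    all issued by the process that created the child, in that order."""
    states: Dict[int, HollowState] = {}
    for raw in trace.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        pid, api, args = ev
        if api.startswith("CreateProcess"):
            flags = int(args.get("flags", "0"), 0)
            child = int(args["child"])
            st = states.setdefault(child, HollowState(parent=pid))
            st.created_suspended = bool(flags & CREATE_SUSPENDED)
            st.apis.append(api)
            continue
        target = args.get("target")
        if target is None:
            continue
        st = states.get(int(target))
        if st is None or st.parent != pid:
            continue  # not the creator of that target; the debugger case falls out here
        st.apis.append(api)
        if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            st.writes += 1
        elif api == "SetThreadContext" and st.writes:  # only counts after a remote write
            st.context_set = True
        elif api == "ResumeThread" and st.context_set:  # only counts after the context swap
            st.resumed = True
    return [
        {"parent": st.parent, "child": child, "apis": st.apis}
        for child, st in states.items()
        if st.created_suspended and st.context_set and st.resumed
    ]


if __name__ == "__main__":
    for hit in detect_hollowing(SAMPLE_TRACE):
        print(f"hollowing: pid {hit['parent']} -> child {hit['child']}: {' -> '.join(hit['apis'])}")
```

The ordering constraints are what keep the false-positive rate down: a suspended spawn that is simply resumed, or a SetThreadContext with no preceding write into the target, does not fire. Real traces tie calls to handles rather than pids, so a production version must first resolve the handle returned by CreateProcess to the child pid.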

MITRE ATT&CK Enterprise v15

Tasks