Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    83aaee69716dda7b17faa2d36ea38822_JaffaCakes118

  • Size

    912KB

  • Sample

    240809-1mx5zsvblg

  • MD5

    83aaee69716dda7b17faa2d36ea38822

  • SHA1

    12ba999ca951b9f2154ab388039c20e364e56b25

  • SHA256

    6547d234fd9c2d92380a8c60eaa0e30b0c253b20870d3eaafc371f51bd46303a

  • SHA512

    cff941de4e85adcdf62e3088c358a374b4f2ac5219a438663ebd7e84b1c0693532cda54ebae9b6f687ae582cea2c727f56be0744232f25f041cfeb807a2c584b

  • SSDEEP

    12288:m8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1r/re:zUKoN0bUxgGa/pfBHDb+y1L

Malware Config

Targets

    • Target

      83aaee69716dda7b17faa2d36ea38822_JaffaCakes118

    • Size

      912KB

    • MD5

      83aaee69716dda7b17faa2d36ea38822

    • SHA1

      12ba999ca951b9f2154ab388039c20e364e56b25

    • SHA256

      6547d234fd9c2d92380a8c60eaa0e30b0c253b20870d3eaafc371f51bd46303a

    • SHA512

      cff941de4e85adcdf62e3088c358a374b4f2ac5219a438663ebd7e84b1c0693532cda54ebae9b6f687ae582cea2c727f56be0744232f25f041cfeb807a2c584b

    • SSDEEP

      12288:m8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1r/re:zUKoN0bUxgGa/pfBHDb+y1L

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks