General

  • Target

    ba480da41b6ec6f00fc0d7caf9f11cb3_JaffaCakes118

  • Size

    880KB

  • Sample

    240823-emr33swhnm

  • MD5

    ba480da41b6ec6f00fc0d7caf9f11cb3

  • SHA1

    f924f6baa35057ea88154faed0213c154eadcfa0

  • SHA256

    47256456d9897ef71eb4a944fbde08aa388aabb85645b5b79ba6dc0c9a106124

  • SHA512

    adfa3b2c264d1bcfa82e2d94187a073905cfe55aa08690a1d9e79d9a6a8bc7fe523e49d8bcbd43beec5ab62e26c558e57e7ff72e46d1aa5973fd77d5a39a0b9f

  • SSDEEP

    24576:9+6LCb7OdjFbdRGe9PiuImyEaNCXhgtNz5WhCdSjD4kbQsbq7480/uSUsQ6F:9pnCe9qIeNCqfb4j1bT

Malware Config

Targets

    • Target

      ba480da41b6ec6f00fc0d7caf9f11cb3_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks