General

  • Target: c30305376703231413e1ce49b4b5f9da_JaffaCakes118
  • Size: 1.2MB
  • Sample: 240826-pt4qkatfkg
  • MD5: c30305376703231413e1ce49b4b5f9da
  • SHA1: b6d521817310336a99d891df1966dc0326384352
  • SHA256: 1dae4315cb8643e99e9d8fd908d09bcc90d72753ac0678b79f012388d0fb07c7
  • SHA512: aa282c07fd9e4876f796064e226be059b1caeadc4905bbbd7625d1a71f17b9131a9614e2dd9e336d8b59022e322650b7cca4b78a4e47e5c4063e2be8c8aa6861
  • SSDEEP: 24576:7M8/F06+lzHBIiDJS6wkfHi/vm93i7P+d18nDTcwxkXAhvHe:PFzIHpi29ya1gcwdQ

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Malakas
  • C2: freskoskato.zapto.org:3030
  • Mutex: DCMIN_MUTEX-WKAQQJ6
  • Attributes
      • gencode: x6lGBwQztFAB
      • install: false
      • offline_keylogger: true
      • persistence: false

Extracted

  • Family: latentbot
  • C2: freskoskato.zapto.org

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
