Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cbeb96fb1e02d1f50a6d5319ec6eb460N.exe

  • Size

    284KB

  • Sample

    240905-whn93axbne

  • MD5

    cbeb96fb1e02d1f50a6d5319ec6eb460

  • SHA1

    d8e56d7321936f1b8aae77bb66ef16751f421dd7

  • SHA256

    1aa212eb78cdffde7c302f586ce3d2849d79914f428f56988ee759c790604bb5

  • SHA512

    be390a0e77480840d337b5417492eac468c43bb1c31a55e5051505c7c0315e8d1bbcd9b2163077d6a0b79393219b82159ed96cdae59354b48a5a0a9ba2c8ddbe

  • SSDEEP

    6144:PtqYGLbcMQgKO3HTOnNRS4O23Ra/MzxDnunDbu:Ptqx5KO3zONkpwRGMNDEO

Malware Config

Targets

    • Target

      cbeb96fb1e02d1f50a6d5319ec6eb460N.exe

    • Size

      284KB

    • MD5

      cbeb96fb1e02d1f50a6d5319ec6eb460

    • SHA1

      d8e56d7321936f1b8aae77bb66ef16751f421dd7

    • SHA256

      1aa212eb78cdffde7c302f586ce3d2849d79914f428f56988ee759c790604bb5

    • SHA512

      be390a0e77480840d337b5417492eac468c43bb1c31a55e5051505c7c0315e8d1bbcd9b2163077d6a0b79393219b82159ed96cdae59354b48a5a0a9ba2c8ddbe

    • SSDEEP

      6144:PtqYGLbcMQgKO3HTOnNRS4O23Ra/MzxDnunDbu:Ptqx5KO3zONkpwRGMNDEO

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks