General

  • Target: d3d1ce595f1eacd25441e99add7e13df_JaffaCakes118
  • Size: 514KB
  • Sample: 240908-h3bb2svfqe
  • MD5: d3d1ce595f1eacd25441e99add7e13df
  • SHA1: 90cb1fe599fd4b23c0a49a621d8e0d4a0096c0cc
  • SHA256: 04c4273a676b0f8b6f556f4dd174545c68543efc6b642191d0a9fd7a763552b0
  • SHA512: 7a22d1e3df68582e90d8354b7a98eca24ace2063769cd6e0b54847ea109416e4b911cf5cfd3e2e675644a65ae29a28163510644d71936a4428cddb914101c630
  • SSDEEP: 12288:dKrm+GCRQuXpTMhzXjv3PYWnuRBHUPFRcKrm+GD9TXpT77KEuRB6qZ:dKrmBoXXp0zXDfTkBfKrmBDBXpH+JBLZ

Malware Config

Targets

    • Target: Luring Guide/How to Talk.exe
    • Size: 659KB
    • MD5: 3381ffcf9e5796866d4796dadd6edc1b
    • SHA1: fc8d536d5b721ce71586200cc919430564bbb587
    • SHA256: 143a6b9b16db9eaa0228465d6f2429f9843af8a4fa5f68bd94bfcdc12106783a
    • SHA512: 1193344898a5e457f05d38fd0c9b7894da085805372261fd1cac48c0d092834d9aa633e6d71789b6f1b0d5dbdf33336e10a9c45c0319299dc43958ae0d12591f
    • SSDEEP: 12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK0:3AQ6Zx9cxTmOrucTIEFSpOGV
    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

    • Target: Luring Guide/How to Talk.lnk
    • Size: 728B
    • MD5: f0a43473534e505d3d65e38af3319193
    • SHA1: 2833e1388335f287c0774d277c5f1da71191073e
    • SHA256: 24d3f0d03b5ce33dbe90db68026d3c971f4e1f13d6b8624f13500642ac3156e1
    • SHA512: b86dbe24bf0a4e73c612daff6c6755102b0d045876fcd7ecd7e3c34472f6e5208096cb8f7463dc4e46e9d85e7cba6993e7526b63ce4b579d9d6ee186a6004857
    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

    • Target: Luring Guide/The Guide.exe
    • Size: 659KB
    • MD5: 3381ffcf9e5796866d4796dadd6edc1b
    • SHA1: fc8d536d5b721ce71586200cc919430564bbb587
    • SHA256: 143a6b9b16db9eaa0228465d6f2429f9843af8a4fa5f68bd94bfcdc12106783a
    • SHA512: 1193344898a5e457f05d38fd0c9b7894da085805372261fd1cac48c0d092834d9aa633e6d71789b6f1b0d5dbdf33336e10a9c45c0319299dc43958ae0d12591f
    • SSDEEP: 12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK0:3AQ6Zx9cxTmOrucTIEFSpOGV
    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

    • Target: Luring Guide/The Guide.lnk
    • Size: 718B
    • MD5: c5d61523c7af8f94f0e9b9ff675f1e01
    • SHA1: 5c7b46700540de235d212a51888d010216b866d7
    • SHA256: 36cde904acddb204272640ec153e8e8e0c02a9e44827f7486583d2e2d99d0f2c
    • SHA512: 08c78e6eaa2a710d74f1e5b12c852cca3f5af0accb484c22ab968a3414ebc022e12290f2b66996b28ea1a4121f14dd942acf3d9cad9cf572e4c658de033d09d8
    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
