General

  • Target

    091a6024f53e944b4c478d3e5d9191e9_JaffaCakes118

  • Size

    839KB

  • Sample

    241002-f5p7wayhrj

  • MD5

    091a6024f53e944b4c478d3e5d9191e9

  • SHA1

    2c3617dd65a6132cddebcf2ea956d4e6da073bd3

  • SHA256

    9d28cbfb904deaa87d0cfb177a87d33326675657ce4945eb5e274bbdb9635c5e

  • SHA512

    0f41152d58b3da46c1d580fea4a1337766d83f9a6a33c758f35fdfb2283280f1f09babf907ec45a5548211d4e560828f8da6a2554552ff36946023a769a27b22

  • SSDEEP

    24576:EN77xpFgbAPuOry7iOA+rtC0Oii78URBsmOCfpzCb/ebn61qM2:EIbARr0i+OfsURV

Malware Config

Targets

    • Target

      091a6024f53e944b4c478d3e5d9191e9_JaffaCakes118

    • DarkComet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks