Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
091a6024f53e944b4c478d3e5d9191e9_JaffaCakes118
-
Size
839KB
-
Sample
241002-f5p7wayhrj
-
MD5
091a6024f53e944b4c478d3e5d9191e9
-
SHA1
2c3617dd65a6132cddebcf2ea956d4e6da073bd3
-
SHA256
9d28cbfb904deaa87d0cfb177a87d33326675657ce4945eb5e274bbdb9635c5e
-
SHA512
0f41152d58b3da46c1d580fea4a1337766d83f9a6a33c758f35fdfb2283280f1f09babf907ec45a5548211d4e560828f8da6a2554552ff36946023a769a27b22
-
SSDEEP
24576:EN77xpFgbAPuOry7iOA+rtC0Oii78URBsmOCfpzCb/ebn61qM2:EIbARr0i+OfsURV
Malware Config
Targets
-
-
Target
091a6024f53e944b4c478d3e5d9191e9_JaffaCakes118
-
Size
839KB
-
MD5
091a6024f53e944b4c478d3e5d9191e9
-
SHA1
2c3617dd65a6132cddebcf2ea956d4e6da073bd3
-
SHA256
9d28cbfb904deaa87d0cfb177a87d33326675657ce4945eb5e274bbdb9635c5e
-
SHA512
0f41152d58b3da46c1d580fea4a1337766d83f9a6a33c758f35fdfb2283280f1f09babf907ec45a5548211d4e560828f8da6a2554552ff36946023a769a27b22
-
SSDEEP
24576:EN77xpFgbAPuOry7iOA+rtC0Oii78URBsmOCfpzCb/ebn61qM2:EIbARr0i+OfsURV
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1