General

  • Target

    10d700856bd588b648157041acce8038_JaffaCakes118

  • Size

    747KB

  • Sample

    241003-22a5fa1glj

  • MD5

    10d700856bd588b648157041acce8038

  • SHA1

    7d1504a02c203e52d7125026a50948cb2caa9549

  • SHA256

    d3cda4032aea5109741bb2c6472ae849b53105cfe3227782833b7424cb348416

  • SHA512

    b14a839e5c491a39994f405163dae6716723735b28c02c0d6694955bad4a4019429d95b804fdb006157733547b83977a24a73db90551a5763d7253131098569d

  • SSDEEP

    12288:ck0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+H:90QRWoJEfg0oChGdJQbjPbNW5tYeP+GK

Malware Config

Extracted

Family

darkcomet

Botnet

Hacked

C2

mrhacking.no-ip.info:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    0J8mwKswKmMK

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      10d700856bd588b648157041acce8038_JaffaCakes118

    • Size

      747KB

    • MD5

      10d700856bd588b648157041acce8038

    • SHA1

      7d1504a02c203e52d7125026a50948cb2caa9549

    • SHA256

      d3cda4032aea5109741bb2c6472ae849b53105cfe3227782833b7424cb348416

    • SHA512

      b14a839e5c491a39994f405163dae6716723735b28c02c0d6694955bad4a4019429d95b804fdb006157733547b83977a24a73db90551a5763d7253131098569d

    • SSDEEP

      12288:ck0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+H:90QRWoJEfg0oChGdJQbjPbNW5tYeP+GK

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks