Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

cf87d7e808...18.exe

windows7-x64

10

cf87d7e808...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf87d7e808faec9cfd1d2dc39a80d634_JaffaCakes118

  • Size

    756KB

  • Sample

    241206-29ccgasrdv

  • MD5

    cf87d7e808faec9cfd1d2dc39a80d634

  • SHA1

    43aa7194671f56326b06df68662994e8c5b2901e

  • SHA256

    f593910c588856c47056520d2edf93ebd4bd9ae9c68205d657aac26276d65e82

  • SHA512

    cb6b840b6b3896133f0a0dda6ee836cab7b9f8ab7e790853340e079db7800636a55285b05701f9c4cc8d68db38d40a8c78c2d28566b5395a767706a1d20b66c4

  • SSDEEP

    12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hdrzm:uZ1xuVVjfFoynPaVBUR8f+kN10EB3zm

Score
10/10
darkcometfarcry 3discoveryevasionpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

farcry 3

C2

127.0.0.1:1604

stalker91.no-ip.org:1604
Mutex

DC_MUTEX-E9CMGU0

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    tXYkPC1ntx3C

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      cf87d7e808faec9cfd1d2dc39a80d634_JaffaCakes118

    • Size

      756KB

    • MD5

      cf87d7e808faec9cfd1d2dc39a80d634

    • SHA1

      43aa7194671f56326b06df68662994e8c5b2901e

    • SHA256

      f593910c588856c47056520d2edf93ebd4bd9ae9c68205d657aac26276d65e82

    • SHA512

      cb6b840b6b3896133f0a0dda6ee836cab7b9f8ab7e790853340e079db7800636a55285b05701f9c4cc8d68db38d40a8c78c2d28566b5395a767706a1d20b66c4

    • SSDEEP

      12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hdrzm:uZ1xuVVjfFoynPaVBUR8f+kN10EB3zm

    Score
    10/10
    darkcometfarcry 3discoveryevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies WinLogon for persistence

      persistence

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.