General

  • Target: e4effdae64132f9f253179edb746ad39_JaffaCakes118
  • Size: 759KB
  • Sample: 241212-gbxkjaslht
  • MD5: e4effdae64132f9f253179edb746ad39
  • SHA1: 830f1267ace003b18c3f92316d4051eab618cb65
  • SHA256: 441e0e8d70c611cb217d66ed4371ecf431620338441547d173547f8a897260df
  • SHA512: 522214a265a30fc8ee5632178829380f672433e481441fd617980d7ab36aa5b61f17058ed715399a182f9134e081b134d01872461e49c48664d114330adc09a4
  • SSDEEP: 12288:L46hnWJ6jINMlXVe+LEE1oJDu0sHY1b98Wl8E4w5huat7UovONzbXwnjoEFEG:LPeMGwsJ60IY3dhHwNzbXq/j

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2:
      127.0.0.1:1604
      192.168.0.100:1604
      99.241.109.24:1604
      joinme.no-ip.biz:1604
  • Mutex: DC_MUTEX-10AJJXB

Attributes

  • gencode: KFKw3CPq7lsj
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings
      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.
