Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_6175fb4ce25460dbcaa710d318bd8220
-
Size
658KB
-
Sample
250102-aep7astrck
-
MD5
6175fb4ce25460dbcaa710d318bd8220
-
SHA1
8439e1e22da15221b0f853c49ec835e341d632f2
-
SHA256
4b5b3bcf64bf987609edccc18ac229d0d77885433c509dc77e75720654180f09
-
SHA512
31f4f7c81ea924cc48ca76dfadcc78eddd08947058a94528d9acca6e572bcf68a074a523df7d9daf89611027668037a37951727d65c05108108a7c8953f41cd0
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBd
Malware Config
Extracted
darkcomet
Guest16_min
hani12345.zapto.org:1604
DCMIN_MUTEX-MM0CEU6
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
cD076TjWElhu
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
JaffaCakes118_6175fb4ce25460dbcaa710d318bd8220
-
Size
658KB
-
MD5
6175fb4ce25460dbcaa710d318bd8220
-
SHA1
8439e1e22da15221b0f853c49ec835e341d632f2
-
SHA256
4b5b3bcf64bf987609edccc18ac229d0d77885433c509dc77e75720654180f09
-
SHA512
31f4f7c81ea924cc48ca76dfadcc78eddd08947058a94528d9acca6e572bcf68a074a523df7d9daf89611027668037a37951727d65c05108108a7c8953f41cd0
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBd
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1