General

  • Target

    210a6896eb49fec7ecfa3aab1dfcb85106ca17df97b4a25af3f9a6539162e72dN.exe

  • Size

    3.8MB

  • Sample

    250110-1cq9pa1kcl

  • MD5

    55120e6a1b3212cc0b25d072d2299160

  • SHA1

    39c377d299c0fbccf6bd8acec0df267ad44b78ec

  • SHA256

    210a6896eb49fec7ecfa3aab1dfcb85106ca17df97b4a25af3f9a6539162e72d

  • SHA512

    d5b0a682dfba3e830b10662e7089930cca7443e8f4d604d68f1e93d85e139a2b4daed07bc45ce2d6933309449bf42d0e43ed34edd516a9cea5232b1a88ee8573

  • SSDEEP

    98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/q7:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSip
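Before trusting a report like this one, a practitioner usually confirms that the local copy is the same file and does a quick static look at it. The following is an added example written for this page, not code from tria.ge or from the report; it digests a file with the same algorithms listed above (ssdeep is left out because it needs a third-party library), compares them against the report's values, and walks the PE section table to apply the same UPX heuristic the sandbox reports further down. The `REPORT_HASHES` values are copied from the list above; the PE images it parses are constructed in the block, not the real sample.

```python
import hashlib
import struct

# Digests copied from the report above, used to confirm a local copy is the same file.
REPORT_HASHES = {
    "md5": "55120e6a1b3212cc0b25d072d2299160",
    "sha1": "39c377d299c0fbccf6bd8acec0df267ad44b78ec",
    "sha256": "210a6896eb49fec7ecfa3aab1dfcb85106ca17df97b4a25af3f9a6539162e72d",
}


def file_hashes(data: bytes) -> dict:
    """Digest a sample with the algorithms the report lists (ssdeep omitted: needs a third-party module)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of every digest in `expected` that the local file does not match (empty list means same file)."""
    actual = file_hashes(data)
    return [name for name, digest in expected.items() if actual.get(name) != digest.lower()]


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size            # section table follows the optional header
    names = []
    for i in range(nsections):
        entry = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Static UPX heuristic: UPX-named sections, or the 'UPX!' marker the packer writes near the header."""
    if any(name.upper().startswith("UPX") for name in pe_section_names(data)):
        return True
    # Modified UPX builds often rename sections; the marker survives more often, but both can be stripped,
    # so a negative result here does not rule out UPX.
    return b"UPX!" in data[:4096]


def build_pe(section_names, trailer=b"") -> bytes:
    """Constructed minimal PE32 skeleton for this demo: valid headers and section table, no real code."""
    opt_size = 224                          # sizeof(IMAGE_OPTIONAL_HEADER32)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew at 0x3C points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + trailer


# Constructed inputs: one image laid out like UPX output, one ordinary image.
UPX_SAMPLE = build_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")
PLAIN_SAMPLE = build_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, pe_section_names(blob), "packed" if looks_upx_packed(blob) else "not packed")
    print("mismatches vs. report for the constructed image:", hash_mismatches(UPX_SAMPLE, REPORT_HASHES))
```

To check a real download, read the file as bytes and call `hash_mismatches(data, REPORT_HASHES)`; anything other than an empty list means the file on disk is not the sample this report describes.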

Malware Config

Targets

    • Target

      210a6896eb49fec7ecfa3aab1dfcb85106ca17df97b4a25af3f9a6539162e72dN.exe

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
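The behavioural signatures above are matched from the API trace the sandbox records while the sample runs. The block below is an added example written for this page, not tria.ge's rule engine or its signature definitions (which this page does not show): it replays a constructed API trace and fires a simplified version of five of the signatures listed above. The registry paths, value names and the suspended-create / WriteProcessMemory / SetThreadContext sequence it looks for are assumptions about what such rules match, and the trace events, paths and pids are invented for the demo, not taken from this sample.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004

# Registry locations the rules below watch (assumed; the sandbox's own rule definitions are not on this page).
BIOS_KEY = r"hardware\description\system"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
GEO_KEY = r"control panel\international\geo"
RUN_KEY = r"\currentversion\run"


def scan(events):
    """Replay an API trace and return {signature name: [evidence, ...]} for every rule that fired."""
    hits = defaultdict(list)
    dropped = set()        # .exe paths the sample wrote to disk
    suspended = set()      # pids the sample created with CREATE_SUSPENDED
    patched = set()        # suspended pids that then received WriteProcessMemory
    for e in events:
        api = e["api"]
        key = e.get("key", "").lower()
        value = e.get("value", "").lower()
        if api.startswith("RegQueryValue") and BIOS_KEY in key and value in BIOS_VALUES:
            hits["Checks BIOS information in registry"].append(f"{e['key']}\\{e['value']}")
        elif api.startswith("RegQueryValue") and GEO_KEY in key and value == "nation":
            hits["Checks computer location settings"].append(f"{e['key']}\\{e['value']}")
        elif api.startswith("RegSetValue") and RUN_KEY in key:
            hits["Adds Run key to start application"].append(f"{e['value']} = {e.get('data', '')}")
        elif api in ("NtWriteFile", "WriteFile") and e.get("path", "").lower().endswith(".exe"):
            dropped.add(e["path"].lower())
        elif api.startswith("CreateProcess"):
            if e.get("path", "").lower() in dropped:
                hits["Executes dropped EXE"].append(e["path"])
            if e.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(e["pid"])
        elif api == "WriteProcessMemory" and e.get("pid") in suspended:
            patched.add(e["pid"])
        elif api == "SetThreadContext" and e.get("pid") in patched:
            # suspended create -> write into it -> redirect its thread: the process-hollowing sequence
            hits["Suspicious use of SetThreadContext"].append(f"hollowing pattern on pid {e['pid']}")
    return dict(hits)


def matched(events):
    """Sorted names of the rules that fired, for a quick comparison against a report's signature list."""
    return sorted(scan(events))


# Constructed trace for the demo (paths, names and pids are invented, not from the sample above).
DROP = r"C:\Users\Admin\AppData\Local\Temp\update.exe"
TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "VideoBiosVersion"},
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "NtWriteFile", "path": DROP},
    {"api": "CreateProcessW", "path": DROP, "flags": CREATE_SUSPENDED, "pid": 2480},
    {"api": "WriteProcessMemory", "pid": 2480},
    {"api": "SetThreadContext", "pid": 2480},
    {"api": "ResumeThread", "pid": 2480},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": DROP},
]

if __name__ == "__main__":
    for name, evidence in scan(TRACE).items():
        print(f"{name}: {evidence}")
```

The hollowing rule is deliberately stateful: SetThreadContext on its own is used by debuggers and some legitimate loaders, so it only fires once the same pid has been created suspended and written to first. That ordering is also what makes the pattern robust to the sample renaming its dropped file.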

MITRE ATT&CK Enterprise v15

Tasks