Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_a12a55725a718d2a60609ee4abbbb445
-
Size
902KB
-
Sample
250205-s6pnysvkhm
-
MD5
a12a55725a718d2a60609ee4abbbb445
-
SHA1
d429ca448c7ac0363280c10d82e36f92beff2614
-
SHA256
8928b45380323bdcfd83430c2f76bd5ea9b5d011b4b3c4e575dc13d98cb04f5d
-
SHA512
71730d78380a1bc455ec3e0eceb191041b8e64e8abf400f02b898e995d8f89574751c69ab8c4a42527469b78f661271aad652cfc063688401257a129c54cbe90
-
SSDEEP
12288:lZKhDHZODNZyY5qMeR59vz9jflkMY0rLnY9L73iW:8D5ONZyY5Fe39zHkMDrLY57SW
Malware Config
Extracted
darkcomet
1.2
ahmedb123.no-ip.info:100
DCMIN_MUTEX-78CGXEQ
-
gencode
lcvuN82zr4Gu
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
JaffaCakes118_a12a55725a718d2a60609ee4abbbb445
-
Size
902KB
-
MD5
a12a55725a718d2a60609ee4abbbb445
-
SHA1
d429ca448c7ac0363280c10d82e36f92beff2614
-
SHA256
8928b45380323bdcfd83430c2f76bd5ea9b5d011b4b3c4e575dc13d98cb04f5d
-
SHA512
71730d78380a1bc455ec3e0eceb191041b8e64e8abf400f02b898e995d8f89574751c69ab8c4a42527469b78f661271aad652cfc063688401257a129c54cbe90
-
SSDEEP
12288:lZKhDHZODNZyY5qMeR59vz9jflkMY0rLnY9L73iW:8D5ONZyY5Fe39zHkMDrLY57SW
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1