Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2a7e321b570eb2d1da85e69873cef59a8da503853450a3301c0486ed1690b58d
-
Size
1.7MB
-
Sample
250313-1vv1latxes
-
MD5
657c459103c56deacd291dd0511e798f
-
SHA1
38af9361c5e7e4a357d72496309f82cea118f95d
-
SHA256
2a7e321b570eb2d1da85e69873cef59a8da503853450a3301c0486ed1690b58d
-
SHA512
952b7f5582da092356f18c61ace3dff08dc0cb2614645b834a268d7fb42c89dd335e320935d3efe9f3b6d598db62af814dfca73444e094baa6b43297eef126cd
-
SSDEEP
24576:cl77xk/v8zBbP+BSiahTtI65nHl75Dp8Hnh5I+Oks/bGFwNr/gG+A+x5YYAd1KrK:i6/vGqahTas1Qnh5I+k/gGMPA0Pof
Malware Config
Extracted
darkcomet
Guest16
xfuego.no-ip.org:22
DC_MUTEX-C7W49TJ
-
InstallPath
Windupdt\winupdate.exe
-
gencode
�h8Jc*c9�rVq
-
install
true
-
offline_keylogger
false
-
persistence
true
-
reg_key
winupdater
Targets
-
-
Target
2a7e321b570eb2d1da85e69873cef59a8da503853450a3301c0486ed1690b58d
-
Size
1.7MB
-
MD5
657c459103c56deacd291dd0511e798f
-
SHA1
38af9361c5e7e4a357d72496309f82cea118f95d
-
SHA256
2a7e321b570eb2d1da85e69873cef59a8da503853450a3301c0486ed1690b58d
-
SHA512
952b7f5582da092356f18c61ace3dff08dc0cb2614645b834a268d7fb42c89dd335e320935d3efe9f3b6d598db62af814dfca73444e094baa6b43297eef126cd
-
SSDEEP
24576:cl77xk/v8zBbP+BSiahTtI65nHl75Dp8Hnh5I+Oks/bGFwNr/gG+A+x5YYAd1KrK:i6/vGqahTas1Qnh5I+k/gGMPA0Pof
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1