Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_724b745767eb299f982fc781c35237a9
-
Size
1.1MB
-
Sample
250313-2jbm9avsev
-
MD5
724b745767eb299f982fc781c35237a9
-
SHA1
8e4b9c069b5f69d4824d768239e468bac36dc23d
-
SHA256
1b5fc2c4f44fcd648bc5857b6efe302817e5ce1e75e15d196bb9910107c99fcc
-
SHA512
8c292f366c398c6eff532c67859f3869bcbc2c00632689e30ebea424a4010cb73074cb93bd77c5865357123e53e174b00f8a916e968d568ba920f6f10b2edaf5
-
SSDEEP
24576:FbptUZveEPJ1IG5tit60xD53XusT5chPZ2k:FvUsQ1Jnit6sNoR
Malware Config
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Extracted
darkcomet
Guest16
testconnect.no-ip.org:16006
DC_MUTEX-84PNHZ0
-
gencode
udafyT70VUoT
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
JaffaCakes118_724b745767eb299f982fc781c35237a9
-
Size
1.1MB
-
MD5
724b745767eb299f982fc781c35237a9
-
SHA1
8e4b9c069b5f69d4824d768239e468bac36dc23d
-
SHA256
1b5fc2c4f44fcd648bc5857b6efe302817e5ce1e75e15d196bb9910107c99fcc
-
SHA512
8c292f366c398c6eff532c67859f3869bcbc2c00632689e30ebea424a4010cb73074cb93bd77c5865357123e53e174b00f8a916e968d568ba920f6f10b2edaf5
-
SSDEEP
24576:FbptUZveEPJ1IG5tit60xD53XusT5chPZ2k:FvUsQ1Jnit6sNoR
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1