General
- Target: JaffaCakes118_7bc66c63958fc10688b8f23c108680a1
- Size: 1.3MB
- Sample: 250316-1c5gbazxdz
- MD5: 7bc66c63958fc10688b8f23c108680a1
- SHA1: 65d71a5d82aa5a62a9bb0317ce9c07b123862f82
- SHA256: 7382bab7d701e49526666ab7e32ba1e10a93f1a71ca98314ec3db8878674a092
- SHA512: bd2149bb69cbdb276d8a11f983a7f5bc1dccc30d5c6cd42af0f98d1bf856d28ac134459f50c2950ba0cb055c5bf2cc779553374b31307b9e9a537b8b946a57ca
- SSDEEP: 24576:E////crXNSAoqo4vQPyagXNSAoqo4vQP9OA4aWNn/m09fKIaaBEtWq3A1Ov8Jgbb:tbgEjyITimXw
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_7bc66c63958fc10688b8f23c108680a1.exe
  - Resource: win7-20250207-en
Malware Config
Extracted: darkcomet
- gencode: (empty)
- install: false
- offline_keylogger: false
- persistence: false
Extracted: darkcomet
- Guest16
- C2: 86.76.24.22:1604
- Mutex: DC_MUTEX-F54S21D
- gencode: ALGqJhQDPi9d
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: JaffaCakes118_7bc66c63958fc10688b8f23c108680a1
  - Size: 1.3MB
  - MD5: 7bc66c63958fc10688b8f23c108680a1
  - SHA1: 65d71a5d82aa5a62a9bb0317ce9c07b123862f82
  - SHA256: 7382bab7d701e49526666ab7e32ba1e10a93f1a71ca98314ec3db8878674a092
  - SHA512: bd2149bb69cbdb276d8a11f983a7f5bc1dccc30d5c6cd42af0f98d1bf856d28ac134459f50c2950ba0cb055c5bf2cc779553374b31307b9e9a537b8b946a57ca
  - SSDEEP: 24576:E////crXNSAoqo4vQPyagXNSAoqo4vQP9OA4aWNn/m09fKIaaBEtWq3A1Ov8Jgbb:tbgEjyITimXw
Signatures
- Darkcomet family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext