General

  • Target

    JaffaCakes118_7bc66c63958fc10688b8f23c108680a1

  • Size

    1.3MB

  • Sample

    250316-1c5gbazxdz

  • MD5

    7bc66c63958fc10688b8f23c108680a1

  • SHA1

    65d71a5d82aa5a62a9bb0317ce9c07b123862f82

  • SHA256

    7382bab7d701e49526666ab7e32ba1e10a93f1a71ca98314ec3db8878674a092

  • SHA512

    bd2149bb69cbdb276d8a11f983a7f5bc1dccc30d5c6cd42af0f98d1bf856d28ac134459f50c2950ba0cb055c5bf2cc779553374b31307b9e9a537b8b946a57ca

  • SSDEEP

    24576:E////crXNSAoqo4vQPyagXNSAoqo4vQP9OA4aWNn/m09fKIaaBEtWq3A1Ov8Jgbb:tbgEjyITimXw

Malware Config

Extracted

Family

darkcomet

Attributes

  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

86.76.24.22:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    ALGqJhQDPi9d

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks