Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...04.exe

windows7-x64

10

JaffaCakes...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_794decb8c03f3480ff35dbf05bcd7e04

  • Size

    646KB

  • Sample

    250316-htbapat1fz

  • MD5

    794decb8c03f3480ff35dbf05bcd7e04

  • SHA1

    5e9ca71f08bddd245ddc67e1e3b53fad1c7b8cb4

  • SHA256

    cf89fbd1093e27af9746dc81f775cb2186990b75d0917a0a98638226a7a2dc54

  • SHA512

    bbfc06724ede2ae83390f8d177bfd917802f32c0ab2963168d6032943c03232f992ac94d7b3ec5e4c19743ed7827c0693eebd117cc3f795931c67828d5f4b454

  • SSDEEP

    12288:Q8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixB:JUKoN0bUxgGa/pfBHDb+y1HgZ/

Score
10/10
darkcometguest16discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

fytyrlybri2323.zapto.org :10

Mutex

DC_MUTEX-4V4VH9Q

Attributes
  • gencode

    yWharjRyxlQz

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_794decb8c03f3480ff35dbf05bcd7e04

    • Size

      646KB

    • MD5

      794decb8c03f3480ff35dbf05bcd7e04

    • SHA1

      5e9ca71f08bddd245ddc67e1e3b53fad1c7b8cb4

    • SHA256

      cf89fbd1093e27af9746dc81f775cb2186990b75d0917a0a98638226a7a2dc54

    • SHA512

      bbfc06724ede2ae83390f8d177bfd917802f32c0ab2963168d6032943c03232f992ac94d7b3ec5e4c19743ed7827c0693eebd117cc3f795931c67828d5f4b454

    • SSDEEP

      12288:Q8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixB:JUKoN0bUxgGa/pfBHDb+y1HgZ/

    Score
    10/10
    darkcometguest16discoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks