General

  • Target

    JaffaCakes118_7e02507dac1589507c8ed14ec1b34a87

  • Size

    1.8MB

  • Sample

    250317-nzsd2ssl17

  • MD5

    7e02507dac1589507c8ed14ec1b34a87

  • SHA1

    c5085831167af29ed3cfb8476ed55d7c2d3a27df

  • SHA256

    326db47ee21a2978df7464ec5041167561e5cd3d83827ba3918e88ec04b89dee

  • SHA512

    316b79c9f5aa60549f0bd1621f26005746cb83a479eef9745cd52099a968205211a94802ba0f6ee588f897951dfb03b12aa34df95e0141f72c98bd47feb91655

  • SSDEEP

    24576:f6xt9Nap1NVD/rTJ60U0C83REJcXqlWfMVIEoPHWu9p/EfpiZfdaIHDdIFrJCoJ:fm9NqPfvjqlbgb/ExO8c8B

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

nicksdcrat1.no-ip.org:82

Mutex

DC_MUTEX-QNFCFKG

Attributes
  • gencode

    e9TV92Q1dEqq

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_7e02507dac1589507c8ed14ec1b34a87

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL
