General
- Target: JaffaCakes118_822fa2afa7f2a8665ee145ccd950f5ca
- Size: 584KB
- Sample: 250320-kydygsyxgw
- MD5: 822fa2afa7f2a8665ee145ccd950f5ca
- SHA1: ce13c1ddb939654fc73ab1a2f9bb195b02a0e17c
- SHA256: 1f43c14aca004721c246d400425587d99104d466d46a9075c84e8c6ec6c2b136
- SHA512: 70ccb62847b7a0544b9d037e8a9923295cb6510fe7565313b5c03f9ab8b0520c3288ace5523c801ce27d804bd76f9e7b65ab3e581c0becf741f14461fe26d591
- SSDEEP: 12288:JzpGGsvC4R8zPq8Dfji/pEmuUc1+e5zWlT6x:942qUji/y+Wzks
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_822fa2afa7f2a8665ee145ccd950f5ca.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_822fa2afa7f2a8665ee145ccd950f5ca.exe
- Resource: win10v2004-20250314-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: VictimeV12
- C2: windowsclean.no-ip.biz:3667
- Mutex: DC_MUTEX-D1ZGSY-V12
- gencode: 5oVi=o*7q9cN
- install: false
- offline_keylogger: true
- password: drogba11
- persistence: false
Targets
- Target: JaffaCakes118_822fa2afa7f2a8665ee145ccd950f5ca
- Darkcomet family
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext