Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

spotify hi...fy.exe

windows7-x64

10

spotify hi...fy.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Spotify.rar

  • Size

    247KB

  • Sample

    250321-ramdaazwfw

  • MD5

    5d1af4841aeeae43f56160d11296a816

  • SHA1

    1e94a85999e9446d77b718989d1082fc259e7ca6

  • SHA256

    3328c150e148edfd431c680f34c58df258a1e9e6363b3eea0af96a880e711612

  • SHA512

    da0da050375fa5cdfca8e21ce1f9a30cae9c4d931c7b3c69f0fa973f1492dac38e7b59fcfdbc4651474e5221fc2f7effff99a0fe5303b7d7ebfad5b3a7aeb9b2

  • SSDEEP

    3072:Z74YrFLaYPANlU3QBhZS5KxztXF0iL38mn+sWidiNJFps4okUFg:ZUGBAllzt1tXF0iD8s+sdUfFS79O

Score
10/10
darkcometsazandiscoveryrattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

g5jko7dyn.localto.net:8654

Mutex

DC_MUTEX-YY61VMG

Attributes
  • gencode

    Fgww6DheNnHQ

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Target

      spotify hile/Spotify.exe

    • Size

      255KB

    • MD5

      bf3966112169dabfa1939b58c2b26818

    • SHA1

      047130f04702c6c3ae4886d89037f134964213a4

    • SHA256

      daefa58d297444a734939ad53bf8958fef4cf5ffa6401aab57ea299fba2f07a8

    • SHA512

      8cc9c649ac8c2fdc9c23c223f0497d8d6e6532551be2be7e7eecc7b664450e35f111ce02501831a8e52548a584347e29162e792696eb4da22f3324b7ecca2273

    • SSDEEP

      6144:PcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37+o:PcW7KEZlPzCy37

    Score
    10/10
    darkcometsazandiscoveryrattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks