Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
24/09/2022, 20:40
220924-zf4hradccr 10General
-
Target
0b26eab73b57842b1b5c439df38324e9.exe
-
Size
2.6MB
-
Sample
220924-zf4hradccr
-
MD5
0b26eab73b57842b1b5c439df38324e9
-
SHA1
42633109f529b2dad7532b349c32c5d5f867ecf9
-
SHA256
94263aa0a3b9de301c6fea69b4d211662829b23a80020b80879f37e6ff6bd6f0
-
SHA512
e653f61dfce5e156a9135ec34cca1f3765192e22ec80f5f43c49e5140681b5e514896c2720e048245088d15ceecb95e11625deff6355ed7db6c26ae7f0e6d7e7
-
SSDEEP
49152:npTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:nZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Malware Config
Targets
-
-
Target
0b26eab73b57842b1b5c439df38324e9.exe
-
Size
2.6MB
-
MD5
0b26eab73b57842b1b5c439df38324e9
-
SHA1
42633109f529b2dad7532b349c32c5d5f867ecf9
-
SHA256
94263aa0a3b9de301c6fea69b4d211662829b23a80020b80879f37e6ff6bd6f0
-
SHA512
e653f61dfce5e156a9135ec34cca1f3765192e22ec80f5f43c49e5140681b5e514896c2720e048245088d15ceecb95e11625deff6355ed7db6c26ae7f0e6d7e7
-
SSDEEP
49152:npTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:nZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-