General
Target: 0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4
Size: 1.3MB
Sample: 221031-x2yhhsdbam
MD5: 12c46791ce960d2a512a119db969f863
SHA1: 464c247181ad68c7d8696880baf7520f2cbf9db2
SHA256: 0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4
SHA512: c6c5e1b2cf386e255afa5b613e0e4be213ebc987d5aecb174db0bd1a77fa2c053715437022329adea718334e03b891a211e451f4c402ff5f44ae262b8cebbfaf
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: 0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4
Score: 10/10
DcRat: DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory