General

  • Target

    0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4

  • Size

    1.3MB

  • Sample

    221031-x2yhhsdbam

  • MD5

    12c46791ce960d2a512a119db969f863

  • SHA1

    464c247181ad68c7d8696880baf7520f2cbf9db2

  • SHA256

    0013a9fa302baf10fc02be4c127319303b9f6ac410231cd1eabf7295be6b65d4

  • SHA512

    c6c5e1b2cf386e255afa5b613e0e4be213ebc987d5aecb174db0bd1a77fa2c053715437022329adea718334e03b891a211e451f4c402ff5f44ae262b8cebbfaf

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
