Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ce171c70c52d08b43b7f6bd0847c4fe29147d2eb7e88d642993d1bd5ff349b9

  • Size

    1.3MB

  • Sample

    221031-ypgjxaddbj

  • MD5

    69317a2bd7d7f4a302929667f95e69f8

  • SHA1

    d86e2df29bedf0690e741ff3460289618272bd32

  • SHA256

    6ce171c70c52d08b43b7f6bd0847c4fe29147d2eb7e88d642993d1bd5ff349b9

  • SHA512

    fcb8f90c18cb1b4e496e6091d7ddfe97a6326f2e7a1519719305f58d276759c34d31842c37d56e7959f7ccb25ee12163cc8f7e962685cc641eccd16aad4fc697

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      6ce171c70c52d08b43b7f6bd0847c4fe29147d2eb7e88d642993d1bd5ff349b9

    • Size

      1.3MB

    • MD5

      69317a2bd7d7f4a302929667f95e69f8

    • SHA1

      d86e2df29bedf0690e741ff3460289618272bd32

    • SHA256

      6ce171c70c52d08b43b7f6bd0847c4fe29147d2eb7e88d642993d1bd5ff349b9

    • SHA512

      fcb8f90c18cb1b4e496e6091d7ddfe97a6326f2e7a1519719305f58d276759c34d31842c37d56e7959f7ccb25ee12163cc8f7e962685cc641eccd16aad4fc697

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks