General

  • Target

    53368d43243cf7dd4690ed5925b24a1c7fdd79e7cd084b31ad34fb4a91371a80

  • Size

    1.3MB

  • Sample

    221101-hrpejahba7

  • MD5

    ee1d63ef602b127a19f4d8d5570858da

  • SHA1

    da38fcc5f27bced51a02452bea36d84b680a06c3

  • SHA256

    53368d43243cf7dd4690ed5925b24a1c7fdd79e7cd084b31ad34fb4a91371a80

  • SHA512

    c4447fe41c7c3db7b273c69c623a170a05be6ec6d68ec9452a074ae990cc7dcb1f066655751dc4bb48b7d03fb5b220f47490f4c5237f7443f949a6cc0dff5d0d

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
