Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b
-
Size
1.3MB
-
Sample
221101-rqw8escfa6
-
MD5
163c8fb8df0a5e84d6c549c033bfe655
-
SHA1
e5095e0782fbd9246afda65b4842854e7d2438e7
-
SHA256
fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b
-
SHA512
6a3aa2e4648aebb472157e92503149986f4caccda26e124dce592369ed7bbdd9199b4f3deb2941aee1e9758425f36b5959b581ed0019d15678a3d3db5d99e778
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b
-
Size
1.3MB
-
MD5
163c8fb8df0a5e84d6c549c033bfe655
-
SHA1
e5095e0782fbd9246afda65b4842854e7d2438e7
-
SHA256
fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b
-
SHA512
6a3aa2e4648aebb472157e92503149986f4caccda26e124dce592369ed7bbdd9199b4f3deb2941aee1e9758425f36b5959b581ed0019d15678a3d3db5d99e778
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-