General

  • Target

    fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b

  • Size

    1.3MB

  • Sample

    221101-rqw8escfa6

  • MD5

    163c8fb8df0a5e84d6c549c033bfe655

  • SHA1

    e5095e0782fbd9246afda65b4842854e7d2438e7

  • SHA256

    fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b

  • SHA512

    6a3aa2e4648aebb472157e92503149986f4caccda26e124dce592369ed7bbdd9199b4f3deb2941aee1e9758425f36b5959b581ed0019d15678a3d3db5d99e778

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      fc6d5f338921e857bb9d4a92ec58b22623a8c598e3198bd568c2d31a0ccb477b

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2
