General

  • Target

    HEUR-Backdoor.MSIL.LightStone.gen-e76feaaf3b02c4306a6e107b3ee8239feb6ef9fdd0c34a83d4a309d960288930.exe

  • Size

    784KB

  • Sample

    221228-la896ada7s

  • MD5

    07db192d82c606c182770ff5f9b1d600

  • SHA1

    69d9cbb97206de1eccc22e3b26eb3e33e6c170c4

  • SHA256

    e76feaaf3b02c4306a6e107b3ee8239feb6ef9fdd0c34a83d4a309d960288930

  • SHA512

    2cdca5458d86fb3690d20e5f995ed6c508ad3d8237325e2baa504f8f27dd83333a443f537b9797d57741c0b29b590770add23057ef300e4570c24e04650f0d27

  • SSDEEP

    12288:eqnO8YpD1oOJp+Ce1PSiG2jfIBoI5DyDwYMDxFesH0ioBw7oKk2:e+ORToOWSi5gBoS4wYUJ0eo2

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks