General

  • Target

    HEUR-Trojan.MSIL.Generic-b12fbaf6b6ba8add5b7d.exe

  • Size

    768KB

  • Sample

    230104-n31jtsaf4y

  • MD5

    ca77b734327afb186e37d78d948034e8

  • SHA1

    73d0f64044802166bf6c3ca982a3f5ba5405c81e

  • SHA256

    b12fbaf6b6ba8add5b7d2f86c8dc9020e087a164b7a022c0058dd397754352f4

  • SHA512

    d03b22bca2262f4acd8054c419dac9af28f33b90950104bed89cf2e35419f373f0d306e8a08532eab2c99e2d11bec0093c38fd1040a78e063225948b4add7050

  • SSDEEP

    12288:kr9okJ1XGTNrrxqFcT7K2p+CMWOvE+LKxPSRwqTqHjgL2NdLwQmhJSGwHDkP:C9rqJS2AxZWp5Hj8oOFQD8

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory
