Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

  • Size

    1.3MB

  • Sample

    230203-el73xaea2y

  • MD5

    1f2904d7456d666adf6f91cba286eb40

  • SHA1

    170555e7f05ee791ad883128ccdb98dc94716e22

  • SHA256

    71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

  • SHA512

    72f20bef6f6a49074ef4687354e0e883cf138f24a85010dc3bb924aca6e0ea55a4b11b604d1c6e105eb6d3bb3ed9507bcb908e6a8eda6220a6a96d0d2d83fc9c

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

    • Size

      1.3MB

    • MD5

      1f2904d7456d666adf6f91cba286eb40

    • SHA1

      170555e7f05ee791ad883128ccdb98dc94716e22

    • SHA256

      71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

    • SHA512

      72f20bef6f6a49074ef4687354e0e883cf138f24a85010dc3bb924aca6e0ea55a4b11b604d1c6e105eb6d3bb3ed9507bcb908e6a8eda6220a6a96d0d2d83fc9c

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.