Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316
-
Size
1.3MB
-
Sample
230203-el73xaea2y
-
MD5
1f2904d7456d666adf6f91cba286eb40
-
SHA1
170555e7f05ee791ad883128ccdb98dc94716e22
-
SHA256
71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316
-
SHA512
72f20bef6f6a49074ef4687354e0e883cf138f24a85010dc3bb924aca6e0ea55a4b11b604d1c6e105eb6d3bb3ed9507bcb908e6a8eda6220a6a96d0d2d83fc9c
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316
-
Size
1.3MB
-
MD5
1f2904d7456d666adf6f91cba286eb40
-
SHA1
170555e7f05ee791ad883128ccdb98dc94716e22
-
SHA256
71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316
-
SHA512
72f20bef6f6a49074ef4687354e0e883cf138f24a85010dc3bb924aca6e0ea55a4b11b604d1c6e105eb6d3bb3ed9507bcb908e6a8eda6220a6a96d0d2d83fc9c
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-