Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93

  • Size

    1.3MB

  • Sample

    230203-kml5qagf9w

  • MD5

    3c62be4360700cd8852595cd2acbeae6

  • SHA1

    678a5dff56ae95464039d9fac9838e667c2ac940

  • SHA256

    86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93

  • SHA512

    fca6a2734c397be60671f3d149d0e5ebd51eed7f742d82caf5903ffa11c121486c399d86db66d2d8c9c657da97fdee4a207ae62cf88f51dedc9a800702369d4e

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93

    • Size

      1.3MB

    • MD5

      3c62be4360700cd8852595cd2acbeae6

    • SHA1

      678a5dff56ae95464039d9fac9838e667c2ac940

    • SHA256

      86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93

    • SHA512

      fca6a2734c397be60671f3d149d0e5ebd51eed7f742d82caf5903ffa11c121486c399d86db66d2d8c9c657da97fdee4a207ae62cf88f51dedc9a800702369d4e

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks