General
Target: 86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93
Size: 1.3MB
Sample: 230203-kml5qagf9w
MD5: 3c62be4360700cd8852595cd2acbeae6
SHA1: 678a5dff56ae95464039d9fac9838e667c2ac940
SHA256: 86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93
SHA512: fca6a2734c397be60671f3d149d0e5ebd51eed7f742d82caf5903ffa11c121486c399d86db66d2d8c9c657da97fdee4a207ae62cf88f51dedc9a800702369d4e
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: 86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 86a409c7af9aa3a461c2b54ae4e4b0ab7d38c64d8b8d96a7c4808c5e14f0dc93
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2