General

  • Target

    a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0

  • Size

    1.3MB

  • Sample

    230203-le7bcsdg38

  • MD5

    75d94d9c4b5f51c0d858642511e73a11

  • SHA1

    b195f029c43665db1e6bda1ff2e2ad3296cee307

  • SHA256

    a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0

  • SHA512

    c0815f1670e04becfbe8e3bf681040e71e26bdc1508efbaa04b135a0a6c2c856236b7f3ec00f298d22f09a28df2b0a4103a0a5e5eb59ba037934c7c6a3304340

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
