General
Target
0a022d070a6aad92cf2c2bd42904450e.exe
Size
1.4MB
Sample
230330-jzeezabf63
MD5
0a022d070a6aad92cf2c2bd42904450e
SHA1
3b50c321894bc0979a237c97bbc9e15cc8fa0060
SHA256
97cd6974b24b7e82fc2ae0caf4ed7aef3228a16c625c5091a50098208fbc8c64
SHA512
e61387efb8c998934c6dbfdba0e119f5fa58a289774c0481cd7d880f6362ded13dbefc5a788170666c3403b43a256e1de2baad519e3e00b82a86c848136ea740
SSDEEP
12288:CXqxzqntNfrYusEIXwRg1k6+OkJzbS4qUMEsgZN8NGfmurA4tD9j4oI6P+QSvTM9:EOqnzzYuVowK4OkJ/S4qUM7H14Bp+xG
Static task
static1
Behavioral task
behavioral1
Sample
0a022d070a6aad92cf2c2bd42904450e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0a022d070a6aad92cf2c2bd42904450e.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
0a022d070a6aad92cf2c2bd42904450e.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.