General
Target: fund.exe
Size: 2.0MB
Sample: 230630-plb1ksba93
MD5: 2d63112893ec4a3142f4f0b1f16f56db
SHA1: 108a292cf6ea50e137a192aae121a8c6bd4c20dc
SHA256: 294a15b8d5df132b50a68c5ac19a6c7aafc8b051983a28e7bf182bff6aa2ef15
SHA512: 0a22a2fc4cc40e483127571601e534d51fd284816d77f2150c58d9215ae83b7180d132121be1d9d56b838e27e5072d2145f7a8a5c2da38b999977d26b22e82ad
SSDEEP: 49152:ubA3j5/MFK5hftE2CQdLYlGU/qPWbQCVLsMhdzRNlbGM:ubKMFA1dElGfWbQCVLsMxr
Behavioral task: behavioral1
Sample: fund.exe
Resource: win7-20230621-en

Behavioral task: behavioral2
Sample: fund.exe
Resource: win10v2004-20230621-en
Malware Config
Targets
Target: fund.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL