Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fund.exe

  • Size

    2.0MB

  • Sample

    230630-plb1ksba93

  • MD5

    2d63112893ec4a3142f4f0b1f16f56db

  • SHA1

    108a292cf6ea50e137a192aae121a8c6bd4c20dc

  • SHA256

    294a15b8d5df132b50a68c5ac19a6c7aafc8b051983a28e7bf182bff6aa2ef15

  • SHA512

    0a22a2fc4cc40e483127571601e534d51fd284816d77f2150c58d9215ae83b7180d132121be1d9d56b838e27e5072d2145f7a8a5c2da38b999977d26b22e82ad

  • SSDEEP

    49152:ubA3j5/MFK5hftE2CQdLYlGU/qPWbQCVLsMhdzRNlbGM:ubKMFA1dElGfWbQCVLsMxr

Score
10/10

Malware Config

Targets

    • Target

      fund.exe

    • Size

      2.0MB

    • MD5

      2d63112893ec4a3142f4f0b1f16f56db

    • SHA1

      108a292cf6ea50e137a192aae121a8c6bd4c20dc

    • SHA256

      294a15b8d5df132b50a68c5ac19a6c7aafc8b051983a28e7bf182bff6aa2ef15

    • SHA512

      0a22a2fc4cc40e483127571601e534d51fd284816d77f2150c58d9215ae83b7180d132121be1d9d56b838e27e5072d2145f7a8a5c2da38b999977d26b22e82ad

    • SSDEEP

      49152:ubA3j5/MFK5hftE2CQdLYlGU/qPWbQCVLsMhdzRNlbGM:ubKMFA1dElGfWbQCVLsMxr

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks