Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bb378eeb6557e9441a1b77daaf259b2d.exe
-
Size
1.3MB
-
Sample
230703-tadr9aha47
-
MD5
bb378eeb6557e9441a1b77daaf259b2d
-
SHA1
d70dbe4af5e6f910c842bd71683bcb7e7a6b3e70
-
SHA256
9eaab4bb7e5d22ea0c333513a0516b9535b45feeaf05cbc6714fbf8823cbcbbc
-
SHA512
7fd54487ee6529dec1a2a50bb9d60af79c64e1f9a0aab3d0fbb1772185524cb6444a906cb3022183e17c2aa4a0897e8d2e163536c4fded5ffe742ad2b0b77bca
-
SSDEEP
24576:FZXxCOFbh94+AkAUewXW4DFfepe8YT3f6j7ynSS52qs:FPCOFU+ewJfeg8Y2j2nh52
Malware Config
Targets
-
-
Target
bb378eeb6557e9441a1b77daaf259b2d.exe
-
Size
1.3MB
-
MD5
bb378eeb6557e9441a1b77daaf259b2d
-
SHA1
d70dbe4af5e6f910c842bd71683bcb7e7a6b3e70
-
SHA256
9eaab4bb7e5d22ea0c333513a0516b9535b45feeaf05cbc6714fbf8823cbcbbc
-
SHA512
7fd54487ee6529dec1a2a50bb9d60af79c64e1f9a0aab3d0fbb1772185524cb6444a906cb3022183e17c2aa4a0897e8d2e163536c4fded5ffe742ad2b0b77bca
-
SSDEEP
24576:FZXxCOFbh94+AkAUewXW4DFfepe8YT3f6j7ynSS52qs:FPCOFU+ewJfeg8Y2j2nh52
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-