General

  • Target

    bb378eeb6557e9441a1b77daaf259b2d.exe

  • Size

    1.3MB

  • Sample

    230703-tadr9aha47

  • MD5

    bb378eeb6557e9441a1b77daaf259b2d

  • SHA1

    d70dbe4af5e6f910c842bd71683bcb7e7a6b3e70

  • SHA256

    9eaab4bb7e5d22ea0c333513a0516b9535b45feeaf05cbc6714fbf8823cbcbbc

  • SHA512

    7fd54487ee6529dec1a2a50bb9d60af79c64e1f9a0aab3d0fbb1772185524cb6444a906cb3022183e17c2aa4a0897e8d2e163536c4fded5ffe742ad2b0b77bca

  • SSDEEP

    24576:FZXxCOFbh94+AkAUewXW4DFfepe8YT3f6j7ynSS52qs:FPCOFU+ewJfeg8Y2j2nh52

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application
