Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
BridgeReview_protected.exe
-
Size
2.8MB
-
Sample
230709-qnls8sda78
-
MD5
fefd90a570c93a0a2ec4838ad5e077f0
-
SHA1
81c0a7c797cd74e639ff97ecbdfba368549c6bb2
-
SHA256
bb7f46fde76addee53d6e9765b4b55e440698cfed873d01547f7eb43e16a38f5
-
SHA512
f32011517dbe54fce044da65fca1663e3e82acc0fa2443c69e6f3d0fc461f0bf2b512f4450dec0ad281a2a5f4f7abfbe20423843c10fb6d36e558a2e4e34b3d5
-
SSDEEP
49152:Y9JYJBVie9pMadBi6ZGLXIE/3sT1DS8f9rIxCpSvHusz6fm26n9qdMg4B7i6:zJB/bbiBI31D5f9PkvOaPnDB7i6
Malware Config
Targets
-
-
Target
BridgeReview_protected.exe
-
Size
2.8MB
-
MD5
fefd90a570c93a0a2ec4838ad5e077f0
-
SHA1
81c0a7c797cd74e639ff97ecbdfba368549c6bb2
-
SHA256
bb7f46fde76addee53d6e9765b4b55e440698cfed873d01547f7eb43e16a38f5
-
SHA512
f32011517dbe54fce044da65fca1663e3e82acc0fa2443c69e6f3d0fc461f0bf2b512f4450dec0ad281a2a5f4f7abfbe20423843c10fb6d36e558a2e4e34b3d5
-
SSDEEP
49152:Y9JYJBVie9pMadBi6ZGLXIE/3sT1DS8f9rIxCpSvHusz6fm26n9qdMg4B7i6:zJB/bbiBI31D5f9PkvOaPnDB7i6
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-