General

  • Target

    754c52185fa2fc8ac2d9f03290db41c4afede6933a55a6bd57c6158ce6d754adexe_JC.exe

  • Size

    3.5MB

  • Sample

    230805-rjjzhsee9x

  • MD5

    12826025c71dbd7b7b7b9b8ed8e73176

  • SHA1

    b129a45b5ccfdf0493fabcd3b9d54f9d2321f17f

  • SHA256

    754c52185fa2fc8ac2d9f03290db41c4afede6933a55a6bd57c6158ce6d754ad

  • SHA512

    f476b6bdf461eb9a6efed2f96280d6a545731e1e4e9071960f3b3d00cf077c11ddbeb0ca2b4d087fe3bf3118bae0dea85625e21843d4e160a2401caf2a978706

  • SSDEEP

    98304:UboZN6a7pKnH5txu3hOVj0wycuXOI8jthCAPKr:U0XvUnH5i3s7M8mP

Targets

    • Target

      754c52185fa2fc8ac2d9f03290db41c4afede6933a55a6bd57c6158ce6d754adexe_JC.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

Tasks