General
-
Target
2e3ffb5f7fbeb7a61469de81dc14d064.exe
-
Size
2.7MB
-
Sample
230820-t6s7taac4z
-
MD5
2e3ffb5f7fbeb7a61469de81dc14d064
-
SHA1
9d153b840d6c9b2df768252086db867a8d910adc
-
SHA256
247fb8446c5648499cbcba01cda9e97ce5daad8398343dc239f234465fc8a1e3
-
SHA512
4c4dc0160eddb055a9455f5a9f8efce41551d7f148fbdac9262b92d01a3a24a487b961130fde374ce7040ca1adc270c7d119205766caceb21e3b8eeb1833c9c3
-
SSDEEP
49152:UbA30UK6G4e3r8dh03amztNBDLTAOGqrXkAS+iIHLlDbDCXj63:Ub4/G94dmKmt/MoQASwbDec
Behavioral task
behavioral1
Sample
2e3ffb5f7fbeb7a61469de81dc14d064.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2e3ffb5f7fbeb7a61469de81dc14d064.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
2e3ffb5f7fbeb7a61469de81dc14d064.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Scheduled Task/Job (1)