Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

667774c9b0...70.exe

windows7-x64

10

667774c9b0...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30fb1e6f54d2d81cd464b46419bf35ef.bin

  • Size

    807KB

  • Sample

    230822-bqr1psah9t

  • MD5

    554638fe624ee57b19a3ba17540624b1

  • SHA1

    d4bf7ab0b88a44c02eb3e17fd9e63c4079ffa8c0

  • SHA256

    1d6755e6fb1b03b615293d25ad8b49caec12d1be68942b65a1f0d393628ba8e5

  • SHA512

    7d80aa1e3aef42e25c0ee534e2484727a338e953308ab79e968b10541ca1d80d805d05c7d0d88eefca11a9a4d2a9c85b19d8141f066e953e7d78d748367ee89e

  • SSDEEP

    24576:Ol5Tf3Cr2EtHZamXoX3+hBSPWX2ADdNu0aIJdg:CLYtHV4X6APWX5nC6dg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      667774c9b0aa4bfeb3932e3702636520e50dbf291252614a30bd9d2be0dd0b70.exe

    • Size

      1.2MB

    • MD5

      30fb1e6f54d2d81cd464b46419bf35ef

    • SHA1

      9934996cb195555caef91b39255167f9064601b3

    • SHA256

      667774c9b0aa4bfeb3932e3702636520e50dbf291252614a30bd9d2be0dd0b70

    • SHA512

      5ab7e6db122be392b1352d22a0a78a8a52677f9f51d5d3c792a55b02eafe3c8190f401c7b0cfd32f45cfb98fd000e84b48ed1043789ab6e4743c2a1e4e30a36a

    • SSDEEP

      24576:vDlrXK5PNnTnjuOqfrOB9lKB2go1CAA0aN09OTFjQt+kPcT:7cbn+O/8B2vCAuN09OTGt

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks