General

  • Target

    b1e591dc4fa5b6071d9e44760b5dd5d8.exe

  • Size

    1.6MB

  • Sample

    230904-hcw6tseb91

  • MD5

    b1e591dc4fa5b6071d9e44760b5dd5d8

  • SHA1

    bfe9909abcacf41e08a8ab59904c0578987c8add

  • SHA256

    774d6ff191fc9d519c07a9ad05e8019d5cf4e0b8961d26fe1d98f69c89516c56

  • SHA512

    f0fd1548d6227bec6ead6f2ec9a3ae5bd1bcb67ab1191cb3eddd97cde74249b4e89a460586a22159f67a31a6e142478f859b9cbf75277278b3c3d810c103c16e

  • SSDEEP

    24576:u2G/nvxW3WieC0zj09QbSqUXJ/mypGc4b0hoc4D9dX1ri36WSmwVZXQxmiHn9vo+:ubA3j0zo9QYnpbZCdXRi36AwVN+n9vo+

Targets

    • Target

      b1e591dc4fa5b6071d9e44760b5dd5d8.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
