Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b1e591dc4fa5b6071d9e44760b5dd5d8.exe
-
Size
1.6MB
-
Sample
230904-hcw6tseb91
-
MD5
b1e591dc4fa5b6071d9e44760b5dd5d8
-
SHA1
bfe9909abcacf41e08a8ab59904c0578987c8add
-
SHA256
774d6ff191fc9d519c07a9ad05e8019d5cf4e0b8961d26fe1d98f69c89516c56
-
SHA512
f0fd1548d6227bec6ead6f2ec9a3ae5bd1bcb67ab1191cb3eddd97cde74249b4e89a460586a22159f67a31a6e142478f859b9cbf75277278b3c3d810c103c16e
-
SSDEEP
24576:u2G/nvxW3WieC0zj09QbSqUXJ/mypGc4b0hoc4D9dX1ri36WSmwVZXQxmiHn9vo+:ubA3j0zo9QYnpbZCdXRi36AwVN+n9vo+
Malware Config
Targets
-
-
Target
b1e591dc4fa5b6071d9e44760b5dd5d8.exe
-
Size
1.6MB
-
MD5
b1e591dc4fa5b6071d9e44760b5dd5d8
-
SHA1
bfe9909abcacf41e08a8ab59904c0578987c8add
-
SHA256
774d6ff191fc9d519c07a9ad05e8019d5cf4e0b8961d26fe1d98f69c89516c56
-
SHA512
f0fd1548d6227bec6ead6f2ec9a3ae5bd1bcb67ab1191cb3eddd97cde74249b4e89a460586a22159f67a31a6e142478f859b9cbf75277278b3c3d810c103c16e
-
SSDEEP
24576:u2G/nvxW3WieC0zj09QbSqUXJ/mypGc4b0hoc4D9dX1ri36WSmwVZXQxmiHn9vo+:ubA3j0zo9QYnpbZCdXRi36AwVN+n9vo+
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-