Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522

  • Size

    2.5MB

  • Sample

    231012-q17w8see94

  • MD5

    e71b100ba4895671392bebdb6940b58a

  • SHA1

    3f0cc8aad3fa8041b5ba40ac4c3e9d9d2d909d25

  • SHA256

    f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522

  • SHA512

    24d99c32e2b275aa2554225932e73c319169cbe87811ab4d08861e44a43f0e7984690e1e83200405321062680d7ec679eea7ab7d09b633700b1edcf73dc68191

  • SSDEEP

    49152:UbA30JB27p9ftg4mUnKbgHns5D6RL1gVHrl+ZraG9LOgwddVyB7pe:Ub3a9fmbgMN8qLYxasqDncq

Score
10/10

Malware Config

Targets

    • Target

      f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522

    • Size

      2.5MB

    • MD5

      e71b100ba4895671392bebdb6940b58a

    • SHA1

      3f0cc8aad3fa8041b5ba40ac4c3e9d9d2d909d25

    • SHA256

      f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522

    • SHA512

      24d99c32e2b275aa2554225932e73c319169cbe87811ab4d08861e44a43f0e7984690e1e83200405321062680d7ec679eea7ab7d09b633700b1edcf73dc68191

    • SSDEEP

      49152:UbA30JB27p9ftg4mUnKbgHns5D6RL1gVHrl+ZraG9LOgwddVyB7pe:Ub3a9fmbgMN8qLYxasqDncq

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks