General

  • Target

    85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867

  • Size

    2.0MB

  • Sample

    231119-p7gsysah3x

  • MD5

    30187293127241c047ea7582cb3ba925

  • SHA1

    70e9d100311fcfd66e344f8a71bc1e019c3de94e

  • SHA256

    85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867

  • SHA512

    54f3a665d89e760f012847756ffdae0727af0617e67ae3aad59f76ce6e1e7c67ce20f52203237453a7d21f5f175f9c98281075fb182b29af4a1538312e3abd04

  • SSDEEP

    49152:nILNq8KKtRL4wk8UGHZF1ljvfvQAzjsKMvojOCIoBEScdD:nxKtRL47iPljJfsKDN7aScl

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
