General

  • Target

    638809035dd3fafc1377ffd71f4a5296.bin

  • Size

    2.6MB

  • Sample

    231224-chal5afeh5

  • MD5

    21c98238bc48261f6cdc46f1679f5a4c

  • SHA1

    e9954acf9439da485448dac99e7714ac99bb36eb

  • SHA256

    3c8446105b8c784de66d9f19aea1ff4a12afda154f2f35056fa6acfecfa6453e

  • SHA512

    f1e7d05d349f576848b6b9a6cbfdacfc683a4b5b8025124060af357f822f89d86abc0654dc44000cd36e88a0863dda626e2fd5daf03aa30f12b47afec90b1fb4

  • SSDEEP

    49152:FicBOGJUuHySffvU/KrTDW0W0o6JMfOfUkpMPPs5lRjwtPHVOUGYKoSQZc3u6+R:r9THyCvUCq0WeJMOfUke3+rjwtdOzZc9

Score
10/10

Targets

    • Target

      1dd3edb673a05c19521b785935f8e803ec5f3104883db80f1a671182e23c4274.exe

    • Size

      3.4MB

    • MD5

      638809035dd3fafc1377ffd71f4a5296

    • SHA1

      1a5920fc6fcb463288bc07023ad5840ebbca4b11

    • SHA256

      1dd3edb673a05c19521b785935f8e803ec5f3104883db80f1a671182e23c4274

    • SHA512

      3ddd44ead391ab72c5fe9476608a1c908f983ff6dacb499b27e21bb638d1da88951335262562ede806100cb83d72283bf6446e02a422e3a06b567e7406dbc896

    • SSDEEP

      98304:uTbZZD8r18Vx4IuzrIXltEDjm/PtLORlm0:W3DY2/IgjEu4Q

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
