Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
638809035dd3fafc1377ffd71f4a5296.bin
-
Size
2.6MB
-
Sample
231224-chal5afeh5
-
MD5
21c98238bc48261f6cdc46f1679f5a4c
-
SHA1
e9954acf9439da485448dac99e7714ac99bb36eb
-
SHA256
3c8446105b8c784de66d9f19aea1ff4a12afda154f2f35056fa6acfecfa6453e
-
SHA512
f1e7d05d349f576848b6b9a6cbfdacfc683a4b5b8025124060af357f822f89d86abc0654dc44000cd36e88a0863dda626e2fd5daf03aa30f12b47afec90b1fb4
-
SSDEEP
49152:FicBOGJUuHySffvU/KrTDW0W0o6JMfOfUkpMPPs5lRjwtPHVOUGYKoSQZc3u6+R:r9THyCvUCq0WeJMOfUke3+rjwtdOzZc9
Malware Config
Targets
-
-
Target
1dd3edb673a05c19521b785935f8e803ec5f3104883db80f1a671182e23c4274.exe
-
Size
3.4MB
-
MD5
638809035dd3fafc1377ffd71f4a5296
-
SHA1
1a5920fc6fcb463288bc07023ad5840ebbca4b11
-
SHA256
1dd3edb673a05c19521b785935f8e803ec5f3104883db80f1a671182e23c4274
-
SHA512
3ddd44ead391ab72c5fe9476608a1c908f983ff6dacb499b27e21bb638d1da88951335262562ede806100cb83d72283bf6446e02a422e3a06b567e7406dbc896
-
SSDEEP
98304:uTbZZD8r18Vx4IuzrIXltEDjm/PtLORlm0:W3DY2/IgjEu4Q
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-