General

  • Target

    2bac605e5583c13c10d4f1e0f0427c7e

  • Size

    1.6MB

  • Sample

    231231-g7gh7ahaa8

  • MD5

    2bac605e5583c13c10d4f1e0f0427c7e

  • SHA1

    5cf030f522cfa4323026a65a1b92bb0df5189960

  • SHA256

    4759bca33d28b3cf7d62e9a85d64dc7bbe2acf4993bb702c7016381bee8a0a29

  • SHA512

    1b07a092d75cbf5c7050694ca1686726e825a0442defa1142191e1246ac4c42b9c3d42daeb8eb17a3a5009ba1ee995af9e3c2ea94ee1401323966df23ae14298

  • SSDEEP

    24576:u2G/nvxW3WieCjPLoxXw1dpqthRHHyJVnZBAQcNDAjAQbCjO6F4//PeSh+45:ubA3jP1LqtaPZ5G2C6E4H0Y

Targets

    • Target

      2bac605e5583c13c10d4f1e0f0427c7e

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
