General

  • Target

    6ab0890a2aedb8d21048be3cb8fcaf6ba8fe22d418fec483bdba53e68ab430f6.exe

  • Size

    3.1MB

  • Sample

    240228-t88ehsgg3t

  • MD5

    2c03d2d911694cd33c23b0edafd33ff0

  • SHA1

    c16efb40930aec5b7f894b78f9b6f04bfc03fa0f

  • SHA256

    6ab0890a2aedb8d21048be3cb8fcaf6ba8fe22d418fec483bdba53e68ab430f6

  • SHA512

    b02b123bfb5d5ef55820315887ceecbdb4ecdc50f7af241a9b6b722baedcce0b6441e1553d1ccbc85b091ac84c1c4801d8cdcc291575d8a4dc1afa974fc76dee

  • SSDEEP

    49152:xp70LTonM7JrVV+t8Z6e8hyF9kdrq8ChhGpg2U/KQ7d5tQX:gfonMdBVZYyjACh0DUB71

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
