General
Target: хомяк.exe
Size: 13.5MB
Sample: 240630-sfd5jazclb
MD5: a26a308a71c3fd57cd4fad9dc8d55fb1
SHA1: 3722d8d2b321f72b2e207a8e1f7e408d35c7d607
SHA256: 12b1d0212363628cb57d2379017b94d6bf91029b37b2dcee592a564952855694
SHA512: 306868bb537ffae0a7cd4de76b0f52079b2aa5f744f50abe3a866f4bb2f17a829cb91537a30c76240798248a0e9da6d5f92591ed1e7101337e2aa0f78e764e55
SSDEEP: 393216:n5BbqQ/ThnhIxo1S/Js7D+xZlwRjMAke5F:5P4xy0ADFRYAj
Static task: static1
Behavioral task: behavioral1
Sample: хомяк.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: хомяк.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.