General

  • Target

    63144ff5a65e776313c9cb44da25a200N.exe

  • Size

    608KB

  • Sample

    240726-dsvwgstarj

  • MD5

    63144ff5a65e776313c9cb44da25a200

  • SHA1

    31e41d70fc55af771446bf4f879afbd809b6a7df

  • SHA256

    1b9e9cca2dcab6f35d56f397ad17aaf66dbdb7984834b9f8c26f094a2f0f763f

  • SHA512

    a32bbcb9b8799fc542cb1b0a5a1b6fceec3471d996fdeae965aa2a3860914fdaa4a64725f02221959d0a0a26fc13d8f23edf392baca4e04f34d0d2e6054c52cb

  • SSDEEP

    12288:jpoIY///1UFAe3kB0xazM6WZuS20IFpdO4WrzJjPt4mFBYU:CIY/YSQOjWZuWI84uJjhBY

Targets

    • Target

      63144ff5a65e776313c9cb44da25a200N.exe

    • Size

      608KB

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
