General

  • Target

    1070606475ed9490c4fe6a4b817d75ed.bin

  • Size

    2.1MB

  • Sample

    240818-bc51eazbrm

  • MD5

    fc996784f36fe18e5aace574e178bd62

  • SHA1

    ff0153ee52ecc4a0ca70317eae0fabd3bc332934

  • SHA256

    6eec31844ba4b0c2c008ef00c521cb33e110b6754dd14ef4e60b05e633ab66c9

  • SHA512

    775541a8926037a3165782032549fe13c3f792dfc7b1bc80da017e50c611b8c23bc985de6b7185fef07a64b5d18a1299e46dcdc0cfbe1ab4d710d0f76c045d7a

  • SSDEEP

    49152:Jn/eVbqaE3nvoNilgQJ1vqbz+Uuvy0aMLeX8Yh:JnmVEnQN29az0yqeXjh

Targets

    • Target

      8d7e7c63b0739df784f5db7c063be7b3ef2d1f6b6b71d76e0ed1e5b6592512a6.exe

    • Size

      2.6MB

    • MD5

      1070606475ed9490c4fe6a4b817d75ed

    • SHA1

      8ff64041d3bd4efed4a2a1b3101025f765a5768c

    • SHA256

      8d7e7c63b0739df784f5db7c063be7b3ef2d1f6b6b71d76e0ed1e5b6592512a6

    • SHA512

      038b9745ac178cdce6375e96ed6f5a4d2a1dc5b4bd786f7e9984a2f127c855a9c115eb1973cde827ead9f8b7eed0b09b82ffcd5cab5af5e2d320fdcec0f5bd1b

    • SSDEEP

      49152:ubA3jtdJjzj1xCdkkxnV3OtgINg0ZxUeGRJpO99E1agk6K:ub2ZoFxVsUGEJc9aagw

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
