General

  • Target

    488291ee16052448a88ff5f4b4ff7472.exe

  • Size

    828KB

  • Sample

    240821-ccn8bsvbnd

  • MD5

    488291ee16052448a88ff5f4b4ff7472

  • SHA1

    b7f7a100fd8f36501de1fec9f277aa7f73918c15

  • SHA256

    59587a702b395acaad29b4cd695d7c236ef19dba0375ad16010e7a170dc90929

  • SHA512

    050af158ba434d95cc4e520675c1fc9c9079103ae9af853615044aa2df8d0f8990fc0da095fe7334c82897d3a303cc386298e9133479bd6a39bebb1245d28108

  • SSDEEP

    12288:u9V+q0VaZWcItdHp6yY9gNmNpsrx5fpgEYjqnK9cG:gXeaZWrHp6wcYFbZYeKt

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
