General
Target: ee09d66a9ffc05f8b64b63809e24e68c0143b27f27c38a67c1be020cffe5926eN
Size: 1.6MB
Sample: 240919-mvhhlsthqg
MD5: 74c1f67c58214d1d3629f0be21d90590
SHA1: 2de1855efc9b23cc3964e085a902c1de83c2c1f7
SHA256: ee09d66a9ffc05f8b64b63809e24e68c0143b27f27c38a67c1be020cffe5926e
SHA512: 134717ef9a405272f34aecff622d7c420d3de9cd421e79638e12a90aab5c804968d50de8510c9491cee87c0f860b987ec5a98470535b5d59f1fd900f7dbe75be
SSDEEP: 49152:FYXvuodR5X4JqgOOnoIluPNFMX06otsEkA:eXvu8v+qUo+4tfkA
Static task: static1
Behavioral task: behavioral1
Sample: ee09d66a9ffc05f8b64b63809e24e68c0143b27f27c38a67c1be020cffe5926eN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ee09d66a9ffc05f8b64b63809e24e68c0143b27f27c38a67c1be020cffe5926eN.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Luminosity: Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)