General

  • Target

    b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

  • Size

    304KB

  • Sample

    220911-dqasjaefer

  • MD5

    f76e9ddbb573bfa72c2196a548c873cc

  • SHA1

    8a72e8da7b9afa221becf1276162b8d091b32069

  • SHA256

    b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

  • SHA512

    38e08634f2a908b0ded7cee00acc436917e4b5b8a7f2da1e36c09967b377eacedf1964636174aaec41a1b32d2ca57d1de4e6eec8579918ac20e963ce9d266a0c

  • SSDEEP

    6144:CTID1B6C3bSyMOe6O2aWd0ohg8ij9HEwFJxsfnxAL5TdrOyWEG499LOw6OXsTJDf:CcSC3bSyMOeZ2aWd0ohg8iVEwFJSAL5

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

198.15.112.179:443

185.62.56.245:443

66.85.147.23:443

Attributes

  • embedded_hash

    61A1CB063216C13FFD2E15D7F3F515E2

  • type

    loader

Targets

    • Target

      b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

    • Size

      304KB

    • MD5

      f76e9ddbb573bfa72c2196a548c873cc

    • SHA1

      8a72e8da7b9afa221becf1276162b8d091b32069

    • SHA256

      b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

    • SHA512

      38e08634f2a908b0ded7cee00acc436917e4b5b8a7f2da1e36c09967b377eacedf1964636174aaec41a1b32d2ca57d1de4e6eec8579918ac20e963ce9d266a0c

    • SSDEEP

      6144:CTID1B6C3bSyMOe6O2aWd0ohg8ij9HEwFJxsfnxAL5TdrOyWEG499LOw6OXsTJDf:CcSC3bSyMOeZ2aWd0ohg8iVEwFJSAL5

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks