Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    685df8974de3a8819711378c48cf2c4393fbef75fe4681438d7ea514efd31542

  • Size

    142KB

  • Sample

    220930-lhncnaeafr

  • MD5

    0ab96a48cb8cff39cc0528124c467f7e

  • SHA1

    5f87e75058bef5af8cb58443c4c2dcbc17a61757

  • SHA256

    685df8974de3a8819711378c48cf2c4393fbef75fe4681438d7ea514efd31542

  • SHA512

    d4339a4a611555702367d49d1e58ac2498c907453b196679f1a466e415b04b8626857f696825d4f866229143fd213e7aee9c6a50335958d8b57de553f9353df0

  • SSDEEP

    3072:/vQUKyj3nlqRdeVHd7t9+vMZBu/EWENqV3MIWxt:vj36QHd7W/EW9Wf

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    A813CAF845B5703DA814AF785BB60B21

  • type

    loader

Targets

    • Target

      685df8974de3a8819711378c48cf2c4393fbef75fe4681438d7ea514efd31542

    • Size

      142KB

    • MD5

      0ab96a48cb8cff39cc0528124c467f7e

    • SHA1

      5f87e75058bef5af8cb58443c4c2dcbc17a61757

    • SHA256

      685df8974de3a8819711378c48cf2c4393fbef75fe4681438d7ea514efd31542

    • SHA512

      d4339a4a611555702367d49d1e58ac2498c907453b196679f1a466e415b04b8626857f696825d4f866229143fd213e7aee9c6a50335958d8b57de553f9353df0

    • SSDEEP

      3072:/vQUKyj3nlqRdeVHd7t9+vMZBu/EWENqV3MIWxt:vj36QHd7W/EW9Wf

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks