General

  • Target

    3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b

  • Size

    268KB

  • Sample

    221007-xtwzqadca3

  • MD5

    1cc90586176dc7cdc6aabf82a8220312

  • SHA1

    644e661ec63925b14c900e45a7e14809e73e0f0a

  • SHA256

    3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b

  • SHA512

    f8ef1ec287bb80d18d3aeceb3c90d00ea6c7e6b77caf2d2382fe437a449db01123a3155312011d109d67712e612d6ff18a1e9ba6bd0bbcc85343a26e05ad9d6b

  • SSDEEP

    3072:NXNofhihbLE+NyNphMm5B6Ep+JNWYDEXAPvrJESOIB6p8Dm75/k66MzGVggjcGky:JuZkyT1Z83wQbJE2K8D28CO7ITsqe4

Score
10/10

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Target

      3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself
