General
-
Target
a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f
-
Size
270KB
-
Sample
221010-jlqwvabcdl
-
MD5
4d01040a74161507bf5bce0fb0897867
-
SHA1
f6a7ca90fcf2bffd53ccadb863202a8334c7ac4f
-
SHA256
a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f
-
SHA512
5c9d65da730285728503801b7705bce58285e9c67fb8cd59f1507bd7547ca8b23bcf0210935be35b5af589cad0a4a02e66d58e7580ab674f5e905431c54da299
-
SSDEEP
6144:MXe8tGCtPSHvXtrCmDgHpU9b30vrwVfquS:MXp3Q/trCmDgHpokvd
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
56951C922035D696BFCE443750496462
-
type
loader
Targets
-
-
Target
a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-