Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f

  • Size

    270KB

  • Sample

    221010-jlqwvabcdl

  • MD5

    4d01040a74161507bf5bce0fb0897867

  • SHA1

    f6a7ca90fcf2bffd53ccadb863202a8334c7ac4f

  • SHA256

    a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f

  • SHA512

    5c9d65da730285728503801b7705bce58285e9c67fb8cd59f1507bd7547ca8b23bcf0210935be35b5af589cad0a4a02e66d58e7580ab674f5e905431c54da299

  • SSDEEP

    6144:MXe8tGCtPSHvXtrCmDgHpU9b30vrwVfquS:MXp3Q/trCmDgHpokvd

Score
10/10
danabotsmokeloaderbackdoorbankerspywarestealertrojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535
Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Target

      a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f

    • Size

      270KB

    • MD5

      4d01040a74161507bf5bce0fb0897867

    • SHA1

      f6a7ca90fcf2bffd53ccadb863202a8334c7ac4f

    • SHA256

      a9aa8fceb7b903bfd238db2ebb6b430fbba87d41beae5ba96644e95b0b90400f

    • SHA512

      5c9d65da730285728503801b7705bce58285e9c67fb8cd59f1507bd7547ca8b23bcf0210935be35b5af589cad0a4a02e66d58e7580ab674f5e905431c54da299

    • SSDEEP

      6144:MXe8tGCtPSHvXtrCmDgHpU9b30vrwVfquS:MXp3Q/trCmDgHpokvd

    Score
    10/10
    danabotsmokeloaderbackdoorbankerspywarestealertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks