General

  • Target

    8905f89f62de1843087ede5f6aa2d409f97322e0062b9fd86a5d0ecf4b66dc61

  • Size

    274KB

  • Sample

    221012-a8eyescad5

  • MD5

    1b5d8a4ba40a71fd2c0db8c86c01b67d

  • SHA1

    741ff872a93d6c13871f3ad8838d12df6f44a65b

  • SHA256

    8905f89f62de1843087ede5f6aa2d409f97322e0062b9fd86a5d0ecf4b66dc61

  • SHA512

    04a26ebb1169d6f147e2206f5df356c11157d29fab2da7f7e136ea35d3e8a8445ff78b7e33e4402282e6fe3e20f55182f5522b9245caa8883e818944bf0ebacf

  • SSDEEP

    6144:sy7kDXlir/t1l6aeoRNIy3/irwVfquS/:TilS1g3oRO0/id

Score
10/10

Malware Config

Extracted

Family

danabot

C2

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Target

      8905f89f62de1843087ede5f6aa2d409f97322e0062b9fd86a5d0ecf4b66dc61

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext
