General

  • Target

    35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92

  • Size

    1.2MB

  • Sample

    221012-f4bcbsceej

  • MD5

    6c22e9ff51c52ea93902af7b8c2283c3

  • SHA1

    e4afe2353cafa647916cfca70e12443dea0a6387

  • SHA256

    35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92

  • SHA512

    49e1345148a74a1f0e743048fcd3918c5fc06b1d09308823b95368f8bd0b8a4fba80478768f27cb341faa014fa567f19a5cef0deca10bfdd9a13811377efa7ee

  • SSDEEP

    24576:uXhnBIzrRKpZv3ilD09IiYanTw75Vx6fO9qUigRnhqOGVdvbnu6/SZv:EBIMvPilDunTw73wOEysdC6/SZv

Score
10/10

Malware Config

Extracted

Family

danabot

C2


Attributes
  • embedded_hash

    A813CAF845B5703DA814AF785BB60B21

  • type

    loader

Targets

    • Target

      35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
