General
Target: 6843e9b84284b74e34dad59595a18637937671050c786fae7847eabb4b63f8b3
Size: 149KB
Sample: 221017-cgejpaaeek
MD5: b78d25bc46ad351746af259f1b629cfe
SHA1: b621b03ddc95217e8fb6d069c83595223bdea0de
SHA256: 591bf63308311312fd34e7f3808dc2dc90c6ce499340bfd07ff770974bca9c90
SHA512: 354ddacd36ab4f27dfcdb8ef311dae5ffbd6ae92db7b62095e4ca7fb8b41d1db5be85bc1c0cacb6db7f39b78233f75497ae3f9d98d8bd9fce66a2c0f62b37ae3
SSDEEP: 3072:3UUlrls14OfhjCva2eyT8cc22Y/38Kd6+XI6Nb8OrnEvuTAGqjVZ2tA:3ZlsXlCAysm/sKc+X9b8EnEmkTjV8i
Static task: static1
Behavioral task: behavioral1
Sample: 6843e9b84284b74e34dad59595a18637937671050c786fae7847eabb4b63f8b3.exe
Resource: win7-20220901-en
Malware Config
Extracted
danabot
192.236.233.188:443
192.119.70.159:443
23.106.124.171:443
213.227.155.103:443
embedded_hash: 56951C922035D696BFCE443750496462
type: loader
Targets
Target: 6843e9b84284b74e34dad59595a18637937671050c786fae7847eabb4b63f8b3
Size: 225KB
MD5: 867f3cc3fec8eb835ce43577d208454c
SHA1: 441d9bfccfb833adb3ef54319c724ffda5a84c83
SHA256: 6843e9b84284b74e34dad59595a18637937671050c786fae7847eabb4b63f8b3
SHA512: adfe4cbfc292acf289c0d4f6ef87ba90b28c7b56906020e0ae6b3cc5a27839505ee304488748d8362342903e0e1acc5ce14983ef0b3c5bb96afcf1dbef8a3295
SSDEEP: 3072:mUXpWwHQLpVAYpBNe5lBs1P1J1wc22Y/38KdO79m0K80ZOCWgkZWH+UuS:fPHQL7BN/Rm/sK8Zm0c92aHuS
Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of SetThreadContext