General
- Target: 2cf2ee2db74747868d2f966ffdaa427a78f0815ac4bfd7cb80691716bb7bc1f7
- Size: 230KB
- Sample: 221019-x2891sdhhk
- MD5: b63164b2b5bad650747aebaae0a7ffcb
- SHA1: d5511ec757f50be23024ab8c8f9f756bfe661b0d
- SHA256: 2cf2ee2db74747868d2f966ffdaa427a78f0815ac4bfd7cb80691716bb7bc1f7
- SHA512: 6a4a3971f4f5244474a658dcd513a1f69b639bd8ad952ed1481a13548f667524430f0f043a862699eb6c10ef774fefd170ae76e1e4d12136dba7fb36eb5ade73
- SSDEEP: 3072:mA2Cj4CVppigS+dLc3vNHvWh5oxgYzM8JZBZ865TtLSYUzrZDuLbak:mA/M8VLc3FHvQ5XUd5Tt3UzrYLe
Static task: static1
Malware Config
Extracted: danabot
- 192.236.233.188:443
- 192.119.70.159:443
- 23.106.124.171:443
- 213.227.155.103:443
- embedded_hash: 56951C922035D696BFCE443750496462
- type: loader
Targets
- Target: 2cf2ee2db74747868d2f966ffdaa427a78f0815ac4bfd7cb80691716bb7bc1f7 (230KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext