General

  • Target

    d7b7d7150d8282dfdfc0de64b54f2c66c82b5e21d180c2dc3566a3205186278f

  • Size

    193KB

  • Sample

    221020-kzcf2sefcm

  • MD5

    056e389ed68b6441edc19c32cae3c36f

  • SHA1

    e8eca80ac1eddd46702ea1f0bda93c537f611928

  • SHA256

    d7b7d7150d8282dfdfc0de64b54f2c66c82b5e21d180c2dc3566a3205186278f

  • SHA512

    61b3054a7a1f053516cfbdc3167ed044c72f36a2b155391283d5d8030e71ebab941d6ba6dcfef8b7a439b10bdeefb9020b122d4901cda8f741151b1708decbad

  • SSDEEP

    3072:z2XOjuimzLDWEBXM05Ftyv4P8/hWQ2oOX0Kfj3:KOuimzLR5McEgkZWQ2TX0O

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE
