Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30

  • Size

    256KB

  • Sample

    221027-f1axdsahdk

  • MD5

    2574df928dade38b6439e14e167d9342

  • SHA1

    f9b0e479f1eb2d9bc8f1420b1577a1b75ef2a0f2

  • SHA256

    a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30

  • SHA512

    dfa32412b37773051c4251165a01e965617794b2844e9fa0aa789c71995d5b97d19e4e09a173571a5f7890d87ab7a053864a0abf1ee72cc3acfeaa97e98ff3b0

  • SSDEEP

    6144:d3qGs1pM/PcECggm/aqQ4BqWE4aJ2QI1E:d3O1pEkiCfb/2QIy

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

Attributes
  • embedded_hash

    BBBB0DB8CB7E6D152424535822E445A7

  • type

    loader

Targets

    • Target

      a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30

    • Size

      256KB

    • MD5

      2574df928dade38b6439e14e167d9342

    • SHA1

      f9b0e479f1eb2d9bc8f1420b1577a1b75ef2a0f2

    • SHA256

      a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30

    • SHA512

      dfa32412b37773051c4251165a01e965617794b2844e9fa0aa789c71995d5b97d19e4e09a173571a5f7890d87ab7a053864a0abf1ee72cc3acfeaa97e98ff3b0

    • SSDEEP

      6144:d3qGs1pM/PcECggm/aqQ4BqWE4aJ2QI1E:d3O1pEkiCfb/2QIy

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks