Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

b6e3f01f49...f5.exe

windows7-x64

10

b6e3f01f49...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5

  • Size

    141KB

  • Sample

    221219-yn7ppsfh86

  • MD5

    0c750cef4490b810ed5f735bcd838e3a

  • SHA1

    c322c0c03fa15a7c8dff01caf2e592d3d782ed08

  • SHA256

    098612c1426f8c912222d73b116b41236c7197fccc5c379f89ae0bfe00cc788f

  • SHA512

    feff92cb8d9a35d2a49ca141f5ce7789e9cb01c90e10f231eeb5687d1fa4f747e67f8c13ad04cfd83e55d56abcc7fc3f172d88ff7a2f4bb2c827946c606751b0

  • SSDEEP

    3072:BxRTSmvluynIAzyG8VLaijrrCr5gbmOt+y0E:BxJSmvvIg1OaAry5gbmKv

Score
10/10
danabotsmokeloaderbackdoorbankerdiscoverytrojan

Malware Config

Targets

    • Target

      b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5

    • Size

      214KB

    • MD5

      59299a2e1bb32ca5875b197e7d2d339f

    • SHA1

      a081d3d73d8c39bf9049632af2a7a3e8a360165c

    • SHA256

      b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5

    • SHA512

      51562dc2e31b65ed77c4a404ab325f28e03d673a95079720be9ac1d43234228f16ddb8f0521fbe7980b2aa96051093037e6502b7dcea0e5244e8c16099928626

    • SSDEEP

      3072:Y3BWLxxIaRRRdZoQt0nemkBAq2muZGVaNRAtOba+A3+9jcbImdzmuX:YRWLxx5Zx0emc/00nQjcbXF

    Score
    10/10
    smokeloaderbackdoortrojandanabotbankerdiscovery

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.