Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

DHL_060520...41.vbs

windows7-x64

10

DHL_060520...41.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f70af025548df40e384bc4bac11d78f5_JaffaCakes118

  • Size

    279KB

  • Sample

    240418-ce4qsshc9s

  • MD5

    f70af025548df40e384bc4bac11d78f5

  • SHA1

    8339970fc6324ffa1486823e20d036ec03cd8f4f

  • SHA256

    6c569d751bad1c483e441d11fddd7163682835c963834014bc22481a7abe1163

  • SHA512

    58c3b847e6a795d87677af652e92d9d0d6eda96a66ba2dcc3296d64ee6f9f03f4ab92285cdc3d5a7531fc857bc3a334b8fe7f6db3ee233bd1880fe86cea03c77

  • SSDEEP

    6144:EzmY9buUTnXQpisZuBuQO4jg4w/gI6yhwH8xzO1fFR4FOBTGQ:Ev3Tgpi62uQO4jqgAycx+t1Bd

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

17.87.135.29

178.209.51.211

92.19.7.22

192.71.249.51

125.204.180.169

182.91.160.38

35.132.27.153

11.32.49.47

50.64.117.111

121.215.98.191
rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyJo2aXOQNP+KeAnWlpOiuMk5W
3
l1An5GorPHqEyFAlRyv6sEylQDjAuSLGsy2LCvKmuzx2AFQ+3IMfqFf3JacY1HmY
4
WuiL1V+R910TohM+6hnLnWx7JNbfzB3S7D1JC/WNUwlVv5NnIIX1i+zIW5BTanU1
5
yQ97xjvokjvZHCHe2wIDAQAB
6
-----END PUBLIC KEY-----

Targets

    • Target

      DHL_06052019_00330134265324053041.vbs

    • Size

      1.5MB

    • MD5

      92ecf80bc725fa74181d95ac0838e868

    • SHA1

      7f799efa6d6cb3cfe194d5ca6b046839bf5f2a14

    • SHA256

      d0d6b5440599fb7f047c0f2c933f2291c308d8c755d03d50097d7509005898f0

    • SHA512

      9e00078a0e70f5f7bf5042d9ca3639facc495e8337a05912b0c10ab0b9d6bc7efcd8fcde7f9a313f833f71593eadab642211403449558e0027d52695ef8754ce

    • SSDEEP

      3072:bEBy+XzeuINWCVuvRNZ0/8eywuFgT1Nk0g4gvVuctC76l/ahL/rk1yuJaXXn/kd3:WUIPbDXs10xh

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.