General

  • Target

    8e569bc871b8364669e122b63dda8399_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240812-l9akwa1akd

  • MD5

    8e569bc871b8364669e122b63dda8399

  • SHA1

    69dfd12c7df066389d1cf48ee17619ce03289263

  • SHA256

    5f67a9e1b25d56cf1e7ba857b2cfc4be77db1e92ea8a32ee154e9322d96387f7

  • SHA512

    21782398dcfdcaa15d1e61874b6811907876066f45d77cb563d86db9c692b1435c4956fc92b89bd47a29b31162ee8f4ee9df7492360b158a7a7ae1ae2fbfbb1e

  • SSDEEP

    24576:Qr0NQtHQ+I8JqdGmbTXgpDDhJ8BD1gNZNZANDuRrPNiKQ//j36L:QYNQtHQ+idGmbTXgpHhJ8BD1UvANDorN

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.242.31:443

192.119.110.73:443

192.210.222.88:443

Attributes

  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPvYED31s9p4zf6GMtg/u+PcE3
nZfynudhDfv9UkUfPbos2SlZ26IDACG5/jQNYcToWrfJiUO9rHtvi2OvyMM0sHdJ
KQVRs5DsWW+z2cSr3feptw4M2MoUKzr9hDPum7mJDoHCnp1QQ88CXGRFUkIgeDWQ
xtcCtZrs2sSQRqUMiwIDAQAB
-----END PUBLIC KEY-----

rsa_privkey.plain

-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAK3+/YRNRUimB/hs
h9+QgMGYMvouCwW/atllNTAFx1JeupIiOed5ES9FdsaHlENxSqkf5rbG3Tidh5mp
8LAbGnDopNcv6we6tDOna0TyzCT0FTiyP33IVYM3M2T6+dZLTD5jF81oRy85e1lS
OKUJ1EpUdY6fa7/w8TnKcrUww/5VAgMBAAECgYAVnypB1phVfsxewp3f2kUlyZQM
Isyb2j2c5kbFwPIT+lGU90vax+CqzycDZLW368wrWBuDexLihjDjl4qhV7zhNlO+
XNlHQ3FKqDLucINTzMszdf97AEp9KLW/kioHhYUTnu3CxpD99aFgx0e23fCZeXmt
8pp9kcY4WZGj3pnRwQJBAL9zj0okel7N4CiZc0NfwsGho7LosFjlVz3GgwEuVVpI
/w4ZcVkKE9zyziM7TCgwGf9F6nonXxBF1KV0xK8hAjcCQQDoqNW1wWS5Lc3qhqvb
H8zRagSdLAVFBJ8Mciei/HzumtmcXl5wMGQUof4WFAm9soqL6H4J17yICB8900T+

Targets

    • Target

      8e569bc871b8364669e122b63dda8399_JaffaCakes118

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks
