Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
05/03/2025, 04:07
250305-ep5f7aymw5 627/01/2025, 01:26
250127-bttzgavkfm 727/01/2025, 01:13
250127-bk8fhasqgt 620/01/2025, 05:23
250120-f3dfastmap 720/01/2025, 05:07
250120-fr6ygasrdr 631/12/2024, 05:12
241231-fv24pawlhm 731/12/2024, 04:49
241231-ffsxgaylaw 1031/12/2024, 04:46
241231-fd1jjaykby 731/12/2024, 04:31
241231-e5vlxsxpd1 10General
-
Target
https://youtube.com/@boffy/
-
Sample
241231-e5vlxsxpd1
Malware Config
Extracted
http://blockchainjoblist.com/wp-admin/014080/
https://womenempowermentpakistan.com/wp-admin/paba5q52/
https://atnimanvilla.com/wp-content/073735/
https://yeuquynhnhai.com/upload/41830/
https://deepikarai.com/js/4bzs6/
Extracted
https://erpoweredent.at/3/zte.dll
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Targets
-
-
Target
https://youtube.com/@boffy/
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot family
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
A potential corporate email address has been identified in the URL: httpswww.youtube.com@boffycbrd1
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-