General
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.vc.524
-
Size
2.6MB
-
Sample
200624-cswvntwhes
-
MD5
a3c5fbba1743945b3d9b6d8c8958dbda
-
SHA1
d01ab833f9223c05735961b0964871536d18daba
-
SHA256
66b20857c01e98b2e07c7c60eb7661689f303fb975f085bba45ab453b0b355ca
-
SHA512
c1dd61909eeb9ce6b9ce406227cc0109bbe39a46b43784210b720d922cf4893113bc56d1883c423e49d1dda4d20cf75af8036f025550f6a89cd3e817ea6f7ada
Malware Config
Extracted
danabot
92.204.160.126
193.34.166.26
93.115.22.159
93.115.22.165
185.227.138.52
Targets
-
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.vc.524
-
Size
2.6MB
-
MD5
a3c5fbba1743945b3d9b6d8c8958dbda
-
SHA1
d01ab833f9223c05735961b0964871536d18daba
-
SHA256
66b20857c01e98b2e07c7c60eb7661689f303fb975f085bba45ab453b0b355ca
-
SHA512
c1dd61909eeb9ce6b9ce406227cc0109bbe39a46b43784210b720d922cf4893113bc56d1883c423e49d1dda4d20cf75af8036f025550f6a89cd3e817ea6f7ada
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-