General
-
Target
SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625
-
Size
5.9MB
-
Sample
210409-7knphldxgs
-
MD5
54045155dcc1fee52ad9c969d7d5386d
-
SHA1
7b18b20697781ffcc2ee35b1d742b8e13ecfcb53
-
SHA256
5603b9b42a3fbac96324add022a3f433487d0beed0c56adb791d19d08af887e1
-
SHA512
df4cbcad31199659e04f76db8a8b00aff1fa00935e1a78d0269b55fc0aab474c52bfb4539e4fb8ab96ba2e2a292157507934988fa76799b459d2c7934aabf3cf
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625.exe
Resource
win7v20201028
Malware Config
Extracted
danabot
1827
3
193.34.167.88:443
192.210.198.12:443
23.81.246.201:443
192.3.26.107:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-