Overview

overview

10

Static

static

cvhost.exe

windows7_x64

10

cvhost.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cvhost.exe

  • Size

    6.1MB

  • Sample

    210508-sr8lrk3h8j

  • MD5

    ca3a564e2dbaa4c15296d982286f9e19

  • SHA1

    e1aaabaf8e2e0e1709b82bcc9427b36465da2ce1

  • SHA256

    41b87704118429cf10614b868b6a0ebc3f3d85d2b154ee83101f01661636b4ee

  • SHA512

    29ab853dc5304ff69e48e65f8babe3858147a7d81035aba9a2aa2e12ae49ff7fea070ea45d8554e05fd4a9ccd72816e5605f7c42faa5810d113ddd7d2af0b1e0

Score
10/10
danabot3bankerdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

danabot

Version

1827

Botnet

3

C2

192.210.198.12:443

192.236.147.83:443

184.95.51.175:443

184.95.51.183:443
Attributes
  • embedded_hash

    AEF96B4D339B580ABB737F203C2D0F52

rsa_pubkey.plain
rsa_pubkey.plain

Targets

    • Target

      cvhost.exe

    • Size

      6.1MB

    • MD5

      ca3a564e2dbaa4c15296d982286f9e19

    • SHA1

      e1aaabaf8e2e0e1709b82bcc9427b36465da2ce1

    • SHA256

      41b87704118429cf10614b868b6a0ebc3f3d85d2b154ee83101f01661636b4ee

    • SHA512

      29ab853dc5304ff69e48e65f8babe3858147a7d81035aba9a2aa2e12ae49ff7fea070ea45d8554e05fd4a9ccd72816e5605f7c42faa5810d113ddd7d2af0b1e0

    Score
    10/10
    danabot3bankerdiscoveryspywarestealertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks