General
-
Target
ab4cf6181cfb102ec86c66d56af2d229.exe
-
Size
1.1MB
-
Sample
210725-ervgn2nag6
-
MD5
ab4cf6181cfb102ec86c66d56af2d229
-
SHA1
ac756cbff2887e804e9957898b0d6450a33a0aa1
-
SHA256
f7c566ca7413a1259a7bcc120bc431a5ad129438b1e8b9b51c398d5eecfc51a5
-
SHA512
dec2910e395b1714966c85741f1062f6a4b62a9a1ab3f8f92c573a2b44a49ced2a963f383247b871eb90ec7cc795a4226dc0944b8bce3e74bb3f5bd2024b0a2f
Malware Config
Extracted
danabot
1987
4
142.11.244.124:443
142.11.206.50:443
-
embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
Targets
-
-
Target
ab4cf6181cfb102ec86c66d56af2d229.exe
-
Size
1.1MB
-
MD5
ab4cf6181cfb102ec86c66d56af2d229
-
SHA1
ac756cbff2887e804e9957898b0d6450a33a0aa1
-
SHA256
f7c566ca7413a1259a7bcc120bc431a5ad129438b1e8b9b51c398d5eecfc51a5
-
SHA512
dec2910e395b1714966c85741f1062f6a4b62a9a1ab3f8f92c573a2b44a49ced2a963f383247b871eb90ec7cc795a4226dc0944b8bce3e74bb3f5bd2024b0a2f
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-