General
-
Target
0c415967fbc5864f72e16ba41661522e559b1fa448c55ebf00bfac49de33dce2
-
Size
170KB
-
Sample
220926-camxgsaahm
-
MD5
893d4e27f1eeb13f20fc5e7ebfb0832d
-
SHA1
ed1585707d6d1a600bdca0123e22a7ba41a5fb4c
-
SHA256
0c415967fbc5864f72e16ba41661522e559b1fa448c55ebf00bfac49de33dce2
-
SHA512
dc8b6469477dd1ca658ebc7b3c866ed37ae159a5dd75091611b1b7b373a1a594446ab249b247e2eba3ba900c10401b4878327c018d09bf6358b233944b88af88
-
SSDEEP
3072:13q/POichgR35WFgtDhYodufaKBUtHq5x:dhHodufa5
Malware Config
Extracted
danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
-
embedded_hash
6618C163D57D6441FCCA65D86C4D380D
-
type
loader
Extracted
redline
insmix
jamesmillion2.xyz:9420
-
auth_value
f388a05524f756108c9e4b0f4c4bafb6
Targets
-
-
Target
0c415967fbc5864f72e16ba41661522e559b1fa448c55ebf00bfac49de33dce2
-
Size
170KB
-
MD5
893d4e27f1eeb13f20fc5e7ebfb0832d
-
SHA1
ed1585707d6d1a600bdca0123e22a7ba41a5fb4c
-
SHA256
0c415967fbc5864f72e16ba41661522e559b1fa448c55ebf00bfac49de33dce2
-
SHA512
dc8b6469477dd1ca658ebc7b3c866ed37ae159a5dd75091611b1b7b373a1a594446ab249b247e2eba3ba900c10401b4878327c018d09bf6358b233944b88af88
-
SSDEEP
3072:13q/POichgR35WFgtDhYodufaKBUtHq5x:dhHodufa5
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-