General

  • Target

    ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d

  • Size

    153KB

  • Sample

    220926-pe43saagb4

  • MD5

    b9c560eb3782653f78125040dbe63790

  • SHA1

    d0bc58cb70f94a761ac45c6c982beae18f6b07b7

  • SHA256

    ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d

  • SHA512

    129ab350e9316cf68d44c0ea4a1a513e6ccdb86f3da19b1081b40444342ca6cc60b356c7e8ad7f92f97ac4c5146e8f489cdf8bf7e88c27e228ab61bb513040d1

  • SSDEEP

    3072:Ws7eCz5xhqcYOygRfHjp50Gs293AVBC+m5B:VhoOHRLf0hp

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Extracted

Family

systembc

C2

141.98.82.229:4001

Targets

    • Target

      ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d

    • Size

      153KB

    • MD5

      b9c560eb3782653f78125040dbe63790

    • SHA1

      d0bc58cb70f94a761ac45c6c982beae18f6b07b7

    • SHA256

      ec0d24bab22b1580e26dbbf6229b4aa9718b60604cece4d7e1c83c12fd65d37d

    • SHA512

      129ab350e9316cf68d44c0ea4a1a513e6ccdb86f3da19b1081b40444342ca6cc60b356c7e8ad7f92f97ac4c5146e8f489cdf8bf7e88c27e228ab61bb513040d1

    • SSDEEP

      3072:Ws7eCz5xhqcYOygRfHjp50Gs293AVBC+m5B:VhoOHRLf0hp

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks