General
Target: 225c88e65ff652c0e6fedfcc827903c683b8926012f549a147ad4a41383444a5
Size: 231KB
Sample: 221015-gnekgsfcb9
MD5: 266712b41f79a972e9c5b7fc7f56e589
SHA1: c196eda508526d5f3258b8a9a2366f1dcce7218f
SHA256: 225c88e65ff652c0e6fedfcc827903c683b8926012f549a147ad4a41383444a5
SHA512: 33c81175cec1a17c0b073a92520872679b52ba110616ae5eb64c3bdc37732bb003e420b4510cb323098c4058fd52c0b330141715434bd7e61378feeb8c6b9aad
SSDEEP: 3072:uXpHtT40xYNLgxC5gb7RuGq+iadZtFuN7UELx++//8gD0KnXVSM4iFPA:21tTshwRy2d2Lx+g/1D0wVSL
Static task: static1
Behavioral task: behavioral1
Sample: 225c88e65ff652c0e6fedfcc827903c683b8926012f549a147ad4a41383444a5.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
danabot
192.236.233.188:443
192.119.70.159:443
23.106.124.171:443
213.227.155.103:443
embedded_hash: 56951C922035D696BFCE443750496462
type: loader
Targets
Score: 10/10
Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext