General
-
Target
b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
-
Size
221KB
-
Sample
221024-28j1xsahg9
-
MD5
f696547b87fb1d7c5dd4197979490e20
-
SHA1
7daa7b49d3b596313fd795e557ff2ca2f0fddf12
-
SHA256
b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
-
SHA512
3c81bc47d411087b627df4b4ab2ac3a6e9a43969f7ccbdc9c84a65b5e4c35be3797b723a6a1f2daacaac6327e7b4543399fb186d372135ca3d768c29eb8985b0
-
SSDEEP
3072:TUnW5dHsT6g7dLnL4WhhwY6F5AgI/kme4rF4D3je6Osh:TUWzKL4WgYrgme4k3
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
-
Size
221KB
-
MD5
f696547b87fb1d7c5dd4197979490e20
-
SHA1
7daa7b49d3b596313fd795e557ff2ca2f0fddf12
-
SHA256
b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
-
SHA512
3c81bc47d411087b627df4b4ab2ac3a6e9a43969f7ccbdc9c84a65b5e4c35be3797b723a6a1f2daacaac6327e7b4543399fb186d372135ca3d768c29eb8985b0
-
SSDEEP
3072:TUnW5dHsT6g7dLnL4WhhwY6F5AgI/kme4rF4D3je6Osh:TUWzKL4WgYrgme4k3
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-