General

Target: 1f7a10b683b0de5fe0de26dea80268144ac40511546513f39560666ae9d4fd49
Size: 221KB
Sample: 221024-wgvqfshhgj
MD5: 92131ef7c2b669f6982e61f5045f87ae
SHA1: e76c98d8af081d4ede4bc1889e07c1052f28ae2d
SHA256: 1f7a10b683b0de5fe0de26dea80268144ac40511546513f39560666ae9d4fd49
SHA512: d5ecdd4f2db0bde3053aff68d5ce3b3245dc6c2d7895d908e569adff6f75bc1385d5ae79fac83711df58a4b8c2bac2b168237a8ca93fcc77c56c1b8942df6522
SSDEEP: 3072:pnnLHJ/vSTcwcZqlwLUNOwo6Usn574TeRI/fzFRakuws8a3hpso:pn93SqLU3o/zeOnzzaHz8a3hp

Static task: static1
Malware Config

Extracted: danabot
C2:
  49.0.50.0:57
  51.0.52.0:0
  53.0.54.0:1200
  55.0.56.0:65535
  (Caveat: these entries look like extractor artifacts rather than live C2 addresses. The non-zero octets are the consecutive byte values 49..56, one entry carries port 0 and another port 65535, which is the pattern of a string being read as a socket address. Treat them as unverified before adding them to any blocklist.)
Attributes:
  embedded_hash: 569235DCA8F16ED8310BBACCB674F896
  type: loader

Extracted: vidar
Version: 55.2
Profile: 937
C2:
  https://t.me/slivetalks
  https://c.im/@xinibin420
  (These are dead-drop resolver profiles on Telegram and on a Mastodon instance: Vidar fetches the profile text and reads its real C2 address from it. Blocking only the two URLs is not enough; resolve and block the address they currently point to as well.)
Attributes:
  profile_id: 937
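Two checks worth scripting before acting on a report like this one: confirming that the file on disk is the sample the report describes (recompute the listed digests and compare), and sanity-checking extracted C2 entries before they reach a blocklist, since config extractors sometimes read string bytes as addresses. The Python below is an added example, not part of the sandbox report or its platform. The hash values and the DanaBot entries are copied from the report above; the UTF-16 heuristic in `check_c2_entry` is an assumption of this example, and the file path is supplied by the caller.

```python
"""Verify a sample against the report's digests and vet extracted C2 entries
(added example; hashes and C2 strings copied from the report above)."""
import hashlib
import ipaddress

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report above.
REPORT_HASHES = {
    "md5": "92131ef7c2b669f6982e61f5045f87ae",
    "sha1": "e76c98d8af081d4ede4bc1889e07c1052f28ae2d",
    "sha256": "1f7a10b683b0de5fe0de26dea80268144ac40511546513f39560666ae9d4fd49",
    "sha512": "d5ecdd4f2db0bde3053aff68d5ce3b3245dc6c2d7895d908e569adff6f75bc1385d5ae79fac83711df58a4b8c2bac2b168237a8ca93fcc77c56c1b8942df6522",
}
DANABOT_C2 = ["49.0.50.0:57", "51.0.52.0:0", "53.0.54.0:1200", "55.0.56.0:65535"]


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in one streaming pass so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(computed: dict, expected: dict) -> dict:
    """Return {algorithm: matched}; hex digests are compared case-insensitively."""
    return {name: computed.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def check_c2_entry(entry: str) -> dict:
    """Validate one 'host:port' entry and list the reasons it looks unreliable."""
    host, _, port_text = entry.rpartition(":")
    problems = []
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return {"entry": entry, "ip": None, "port": None,
                "problems": ["host is not an IP literal"]}
    port = int(port_text) if port_text.isdigit() else -1
    if not 1 <= port <= 65535:
        problems.append(f"port {port_text!r} is not usable")
    if not ip.is_global:
        problems.append("address is not globally routable")
    # Heuristic (an assumption of this example, not a rule from the report):
    # if the address bytes decode to printable ASCII as UTF-16LE, the extractor
    # most likely read a wide string rather than a socket address.
    text = ip.packed.decode("utf-16-le", errors="replace")
    if text.isascii() and text.isprintable():
        problems.append(f"octets decode to UTF-16LE text {text!r}")
    return {"entry": entry, "ip": str(ip), "port": port, "problems": problems}


def flagged_c2(entries) -> list:
    """Entries that should not enter a blocklist without manual review."""
    return [e for e in entries if check_c2_entry(e)["problems"]]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to the sample on disk, supplied by the caller
        for name, ok in compare_hashes(hash_file(sys.argv[1]), REPORT_HASHES).items():
            print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    for c2 in DANABOT_C2:
        print(c2, check_c2_entry(c2)["problems"])
```

Run with the sample path as the only argument; every digest must report `match` before the rest of the report is trusted for that file. All four DanaBot entries trip the UTF-16 heuristic (they decode to "12", "34", "56", "78"), which is why the C2 list above carries a caveat.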
Targets

Target: 1f7a10b683b0de5fe0de26dea80268144ac40511546513f39560666ae9d4fd49
Size: 221KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (same file).
Two family configs (a DanaBot loader and Vidar) were extracted from this run, which is consistent with the download-and-execute behaviour below.

Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall under HKLM and HKCU, plus the WOW6432Node counterpart) to enumerate installed software.
- Suspicious use of SetThreadContext: a primitive commonly used for process hollowing and thread hijacking; check the process tree for a suspended child created by the loader.