General
-
Target
e4dda0affa5ceb001672a2e1887c75dfa3b62d70997f52809a568acab24d5a28
-
Size
222KB
-
Sample
221024-yn5v4sadam
-
MD5
10836e8b2993dda828fcf4ef9f0d5bbd
-
SHA1
93fbda524339bb9b433ad97559117b699c73e2c6
-
SHA256
e4dda0affa5ceb001672a2e1887c75dfa3b62d70997f52809a568acab24d5a28
-
SHA512
354f02c9d166eb4469472f8e6ff98112469772597b3b533e721a4aa39f6b0f0fdf9be23dd4efb701b474d05514a6ecd4782379d0ec0085f7aa3a1d8fe3bd6b6a
-
SSDEEP
3072:7unNvB9FK8XU9PPLFCMw0B6mG5EZ+ICnZ6LO2fZQjw8z07IMck7fQ:7utBjQPPLg70BDR+FnYLRO2Ia7f
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
e4dda0affa5ceb001672a2e1887c75dfa3b62d70997f52809a568acab24d5a28
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-