General
-
Target
a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
-
Size
230KB
-
Sample
221025-j6rnwacabq
-
MD5
9ff70e4d90f5e4b42a6e3b06bdeb5c3c
-
SHA1
4c2037f0d16854c95400b7378bf5c9da15278fe7
-
SHA256
a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
-
SHA512
68b7b1977e514b7b32cbd17d557842caef77f1ac55cfeaa939c4e162e069001cbb774835d4c79dd8d30ba33adbf77231ef3e08ce20b90e9f8165e4161f8b6371
-
SSDEEP
3072:oXr5dLhUWm8Y5trxfjdy1UQyqe+39KXJx4NgbYO7MB6TaUpRRMl:8FdLvm8crxfsUQVo8yYp0Ta22l
Static task
static1
Malware Config
Extracted
danabot
-
embedded_hash
569235DCA8F16ED8310BBACCB674F896
-
type
loader
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-