General
- Target: c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
- Size: 255KB
- Sample: 221025-xr7y7sdec4
- MD5: a5d3a700096282227570e9c794fdb3f3
- SHA1: a4d6970ce0515546e9d58b5df2b66734c92c882f
- SHA256: c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
- SHA512: 91498b7455a547edff16a74bcd6155ce6ce33e3a66dd980f011187824a537e94835ca9b4431d631227f8c17b233c687251212066f4280da613181f57fc3a9eca
- SSDEEP: 3072:GXVVinpHFLYS7GtqUM8ry8MRWnLtTyp3nclc1LWZ3hiK5ym+oBTHGZDKRn:urwlLToqUM8ry8TnLsWjX5ym+8TmYd

Static task: static1

Malware Config

Extracted: danabot
- 172.86.120.215:443
- 213.227.155.103:443
- 103.187.26.147:443
- 172.86.120.138:443
- embedded_hash: BBBB0DB8CB7E6D152424535822E445A7
- type: loader

Extracted: vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.