General
-
Target
1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
-
Size
255KB
-
Sample
221027-ke65xsbfak
-
MD5
e45c5a6b86f88d05f6a7a803ebfc7d54
-
SHA1
621d16be1446624651204808e26e5e8d216dc11f
-
SHA256
1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
-
SHA512
cc6224c7d097b9187268113e93f9eef5c9e9571254f518e7b24c15d9e2cbc16f28f10bfb80824243c4989a4d1f2f7e2a01e0b4316e58867a746e7ca15e8d358c
-
SSDEEP
3072:EXi/maJUdsa8HFq56I7X+eRU5RZ3t1uTQefJsQLTIdzE8VN:AYmaJUN4I7q5Rb1oaH
Malware Config
Extracted
danabot
172.86.120.215:443
213.227.155.103:443
103.187.26.147:443
172.86.120.138:443
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Extracted
systembc
45.182.189.231:443
Targets
-
-
Target
1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
-
Size
255KB
-
MD5
e45c5a6b86f88d05f6a7a803ebfc7d54
-
SHA1
621d16be1446624651204808e26e5e8d216dc11f
-
SHA256
1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
-
SHA512
cc6224c7d097b9187268113e93f9eef5c9e9571254f518e7b24c15d9e2cbc16f28f10bfb80824243c4989a4d1f2f7e2a01e0b4316e58867a746e7ca15e8d358c
-
SSDEEP
3072:EXi/maJUdsa8HFq56I7X+eRU5RZ3t1uTQefJsQLTIdzE8VN:AYmaJUN4I7q5Rb1oaH
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-