General
-
Target
9c30eabfd6695f58f2b710f56b8b3927.exe
-
Size
1.3MB
-
Sample
221027-tj2wfacgfj
-
MD5
9c30eabfd6695f58f2b710f56b8b3927
-
SHA1
b13e40b1c25c426f8d60211e45bbf5ab2a737623
-
SHA256
9ccc3410d3a38cffb1050dd9117262cfde5820c8205ab3d0d7579c320bffb183
-
SHA512
c6b548061da841c9e03490a0122874fef61d44ad99f61a9ade31068b32c6008f5dea11ace30a478544767a823189581b64b42a5055b93d1214860df6eef73cb5
-
SSDEEP
24576:CxDbmMW55xj7yxz76JgzFoy5avPZhOKCK9yXTh3KkA:CxPmMWnNyxH6OzVGPaKC3xK3
Malware Config
Extracted
danabot
172.86.120.215:443
213.227.155.103:443
103.187.26.147:443
172.86.120.138:443
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
-
embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
-
type
loader
Targets
-
-
Target
9c30eabfd6695f58f2b710f56b8b3927.exe
-
Size
1.3MB
-
MD5
9c30eabfd6695f58f2b710f56b8b3927
-
SHA1
b13e40b1c25c426f8d60211e45bbf5ab2a737623
-
SHA256
9ccc3410d3a38cffb1050dd9117262cfde5820c8205ab3d0d7579c320bffb183
-
SHA512
c6b548061da841c9e03490a0122874fef61d44ad99f61a9ade31068b32c6008f5dea11ace30a478544767a823189581b64b42a5055b93d1214860df6eef73cb5
-
SSDEEP
24576:CxDbmMW55xj7yxz76JgzFoy5avPZhOKCK9yXTh3KkA:CxPmMWnNyxH6OzVGPaKC3xK3
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-