General
-
Target
74061d9c247ce4fec3b7387b976f4c9e9aa347eb280806b1123fe974ae5a241c
-
Size
2.5MB
-
Sample
221208-1n6hrabf73
-
MD5
66c9c6aeed12e6da853973677c8841a4
-
SHA1
306459beddae9ecfb7296fcc79c3ff481e1962d3
-
SHA256
74061d9c247ce4fec3b7387b976f4c9e9aa347eb280806b1123fe974ae5a241c
-
SHA512
cf0a73a174c4fac89aa9df0aa2f90c0b463495fc78c38423a97611e0410f15b667263aa96a3067a08d12fcd2bfc10a815ec192e362c9797572a564626e292356
-
SSDEEP
49152:n475C8YdVpXOCOB5VJXXHWFdvbLhThA7oSP9hopgsUMDh1PF:s5CPz9O/VtX2PhhSo5pNH
Malware Config
Extracted
danabot
-
embedded_hash
341D2FD1638BB267A80C7445E1909B57
-
type
loader
Targets
-
-
Target
74061d9c247ce4fec3b7387b976f4c9e9aa347eb280806b1123fe974ae5a241c
-
Size
2.5MB
-
MD5
66c9c6aeed12e6da853973677c8841a4
-
SHA1
306459beddae9ecfb7296fcc79c3ff481e1962d3
-
SHA256
74061d9c247ce4fec3b7387b976f4c9e9aa347eb280806b1123fe974ae5a241c
-
SHA512
cf0a73a174c4fac89aa9df0aa2f90c0b463495fc78c38423a97611e0410f15b667263aa96a3067a08d12fcd2bfc10a815ec192e362c9797572a564626e292356
-
SSDEEP
49152:n475C8YdVpXOCOB5VJXXHWFdvbLhThA7oSP9hopgsUMDh1PF:s5CPz9O/VtX2PhhSo5pNH
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-