General

  • Target

    2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e

  • Size

    327KB

  • Sample

    221215-lx6gsacb29

  • MD5

    8d73778b1e919c68f023e8995a8aaee0

  • SHA1

    b6ba513b4bf1830451aed41121ddf8b5e32ee01f

  • SHA256

    2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e

  • SHA512

    55d1de360d01ed559e44542254bc454d8d22e7b63f167265fb40d68c82c11c37f43e43d221ae76c841eaf736432ac87b63066056db91871289afb49b2598d999

  • SSDEEP

    6144:0YEcLdiKSYgGFVQ2S9d4eWtGncS3Sbjfxur/tb:BhiKA2S9d3WtGnZSbjJurR

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes
  • type

    loader

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

    • Target

      2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e

    • Size

      327KB

    • MD5

      8d73778b1e919c68f023e8995a8aaee0

    • SHA1

      b6ba513b4bf1830451aed41121ddf8b5e32ee01f

    • SHA256

      2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e

    • SHA512

      55d1de360d01ed559e44542254bc454d8d22e7b63f167265fb40d68c82c11c37f43e43d221ae76c841eaf736432ac87b63066056db91871289afb49b2598d999

    • SSDEEP

      6144:0YEcLdiKSYgGFVQ2S9d4eWtGncS3Sbjfxur/tb:BhiKA2S9d3WtGnZSbjJurR

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Tasks