General
-
Target
56ea27716635f202771e0256b84386ed6e89eaab283aa97cb34969274497c7fa
-
Size
228KB
-
Sample
221216-lcg9fshc51
-
MD5
f6b7c831a0321bec162ced0bcb1367c5
-
SHA1
3badbb354ef3e7c6fbcb47c23dd4f649ea32086b
-
SHA256
56ea27716635f202771e0256b84386ed6e89eaab283aa97cb34969274497c7fa
-
SHA512
aabeff1fa505045980731ac44523f758d1cc4973575a4781a413d58378e0c9eedd441a317a6efd9b6412c528dfd5b818403d4188720d251b2da8f04c5994c52c
-
SSDEEP
3072:hUQk4sn5L2Fqjd3cR94VVwPbZRLdWjYB0EkSRLQ2mppGT8HX0a4HtWqMPDcfuh:KQkJL2FqpKjLdWmAtP0a68qMrc
Static task
static1
Behavioral task
behavioral1
Sample
56ea27716635f202771e0256b84386ed6e89eaab283aa97cb34969274497c7fa.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
danabot
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
-
type
loader
Targets
Score
10/10
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-