General

  • Target

    efd753a82d9ab58041b4a4a71721031378ab457fc8023192a6302839bcd2ed2b

  • Size

    4.2MB

  • Sample

    221217-ybnq3ahd22

  • MD5

    132272df191d6379fa81244e29bb21fa

  • SHA1

    9d01629c1e21107fda5d59c5d68b2c18c980cb37

  • SHA256

    efd753a82d9ab58041b4a4a71721031378ab457fc8023192a6302839bcd2ed2b

  • SHA512

    23b1c81cdd5dae8cf961458e71165e3a5cf5b5d4a6a9c706355a611ef5f52b7a0014653862e227487fb9900c83444fea297e27cbbf6c70f80832c98a114d84dc

  • SSDEEP

    98304:5krcHlMSCOl0tbIjtpRQvkrERXREGW+XXXkAFivdVvfSg:ec8YAvkrERBEGWWnkai1N6

Score
10/10

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
