General
-
Target
804a0999f1e0c5a8e083f0a36ccfe7ad8a6ab94a0c77d6ab74175540c990f95e
-
Size
2.4MB
-
Sample
221218-j22y2sba99
-
MD5
6e10b6107066da8b83187a14c8b68b23
-
SHA1
bfe5bb0d1fbd503226abf58fbd88e91e8f17ba05
-
SHA256
804a0999f1e0c5a8e083f0a36ccfe7ad8a6ab94a0c77d6ab74175540c990f95e
-
SHA512
6f4715008d918f0a940bae3970e072c39b16a6c8fb66f10bc32c4b611c93a437b3475646d0fafa3e814af6d5013a518ba5893c2c984b558f66733b4d03f83461
-
SSDEEP
49152:jp3TkvTxVW0z7cby/T8uzPI57F0KaCz2avq7aYm:gWMBzPI57F03C5Ym
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
804a0999f1e0c5a8e083f0a36ccfe7ad8a6ab94a0c77d6ab74175540c990f95e
-
Size
2.4MB
-
MD5
6e10b6107066da8b83187a14c8b68b23
-
SHA1
bfe5bb0d1fbd503226abf58fbd88e91e8f17ba05
-
SHA256
804a0999f1e0c5a8e083f0a36ccfe7ad8a6ab94a0c77d6ab74175540c990f95e
-
SHA512
6f4715008d918f0a940bae3970e072c39b16a6c8fb66f10bc32c4b611c93a437b3475646d0fafa3e814af6d5013a518ba5893c2c984b558f66733b4d03f83461
-
SSDEEP
49152:jp3TkvTxVW0z7cby/T8uzPI57F0KaCz2avq7aYm:gWMBzPI57F03C5Ym
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-