General
-
Target
a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2
-
Size
214KB
-
Sample
221218-xv5y1sgd4t
-
MD5
c05d11bf62a4af347ba8caca87eb6b7f
-
SHA1
7c568736f6b62941305b436e803db675e5af1a96
-
SHA256
a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2
-
SHA512
d8ac0cb6c49a1292c65e9dc2da9e3b7d29d81409b6e4a105cfe650d4b504af244b7ef01432a9aba8c5cd1de0ea983122302b37d7e639727e72ebc589a31ee021
-
SSDEEP
3072:HXUZPFLLQDB7vRwwVPvUTM6Ef81sV2Zx5fxSsa5RwuNRAtOba+4LtlPnZjcbImdl:3U5FLLkB2gFXgfxY5R30TPnZjcbXF
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
A74585CDE58066055FE7DCD4BF3B5A4C
-
type
loader
Targets
-
-
Target
a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2
-
Size
214KB
-
MD5
c05d11bf62a4af347ba8caca87eb6b7f
-
SHA1
7c568736f6b62941305b436e803db675e5af1a96
-
SHA256
a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2
-
SHA512
d8ac0cb6c49a1292c65e9dc2da9e3b7d29d81409b6e4a105cfe650d4b504af244b7ef01432a9aba8c5cd1de0ea983122302b37d7e639727e72ebc589a31ee021
-
SSDEEP
3072:HXUZPFLLQDB7vRwwVPvUTM6Ef81sV2Zx5fxSsa5RwuNRAtOba+4LtlPnZjcbImdl:3U5FLLkB2gFXgfxY5R30TPnZjcbXF
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-