General
-
Target
63d486cb71ed442bd9e4c7df930cdaf57b801664439e740df984b95acf0ad918
-
Size
1006KB
-
Sample
221219-dn4ylaeb46
-
MD5
e234765ce130cccdd18b84c36d1396a9
-
SHA1
af6f1a721bd88574733879bb583da4e1a8c15c1f
-
SHA256
63d486cb71ed442bd9e4c7df930cdaf57b801664439e740df984b95acf0ad918
-
SHA512
29aca4c84fec3176919e57efa7fcbdf48ae3c7592d318433fa91e62751b00081f2c89f7aa964c6a6b2ed82a578d121b8ecd0dd1ab544bd944c11400c63fc5272
-
SSDEEP
24576:YZaRkxQ6gYZ3tPP2vHTH1INlLKJME/94LezAD3kYbXF:YkMVmHTVIvLKJMi9mezAD3zX
Static task
static1
Behavioral task
behavioral1
Sample
63d486cb71ed442bd9e4c7df930cdaf57b801664439e740df984b95acf0ad918.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-