General
-
Target
cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
-
Size
141KB
-
Sample
221219-gt74zshd3z
-
MD5
2cf63d669a8d5750ec1fca467df24927
-
SHA1
983d5c3c16192be8c395a2749ae585c01449f38f
-
SHA256
13d0bccc67f336b4850a280804c64668acfa0c1d485faba4c8ff4c31bcde4cea
-
SHA512
712193a584dc2559de5572f2b39904b2800bd6c1124506ce985179e53f564721d48fabe14c8345ac8b2988c53c8367a5e0b7279c94d36ec05f502bb88bb396a6
-
SSDEEP
3072:sMw+yRsZagmOtKb5a/LxgcUeh0Pk5y3PdAuQSC1ix4:5fSYk5Ydg80PuUPKY4
Malware Config
Targets
-
-
Target
cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
-
Size
214KB
-
MD5
251a41fc5e568b24574e7a0649679240
-
SHA1
5f0ce9ee0c94d5e0d0c64ac435f4a1f6241ed2a1
-
SHA256
cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
-
SHA512
60c8feca298910e7606a3b3b4364423f5585f9a4b8f454dab92a23b06d2118d6eef34cbafbb14b2fa3e08f8c92f8ff7cb43f8f60b320e7bc6212ae2aef66f89a
-
SSDEEP
6144:Q9MLzWvtOIx+kkS169CKxPgnYypx+hH0MjlVklPH:Q9MvWv8IEkFwfPgvXuJlU
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-