General
-
Target
ed30da424dc43e62e30ae480f41e237d0a8d7dbdd526d466cdc61f6303750051
-
Size
306KB
-
Sample
221219-hqe5gaed65
-
MD5
8ba89cb6de7e41ec69404990443a97ba
-
SHA1
af55bcc1d185f3e820d2a5a7eeb10170cf10011c
-
SHA256
ed30da424dc43e62e30ae480f41e237d0a8d7dbdd526d466cdc61f6303750051
-
SHA512
a9eeef96356bcdaa5a5ed8db9d4196bbe854f5ed11a7dc1c8e55fa5ee9ac3b50625f9b0851ebc6e29ddac8b23d019c47b55d4d48be0001664cc2b1cfd328c11a
-
SSDEEP
6144:feRrbPL/QsQk7H4p0HakV/S0iPvzpQ6rFiaI:fALQspo0z6xnzpQ6rF
Malware Config
Targets
-
-
Target
ed30da424dc43e62e30ae480f41e237d0a8d7dbdd526d466cdc61f6303750051
-
Size
306KB
-
MD5
8ba89cb6de7e41ec69404990443a97ba
-
SHA1
af55bcc1d185f3e820d2a5a7eeb10170cf10011c
-
SHA256
ed30da424dc43e62e30ae480f41e237d0a8d7dbdd526d466cdc61f6303750051
-
SHA512
a9eeef96356bcdaa5a5ed8db9d4196bbe854f5ed11a7dc1c8e55fa5ee9ac3b50625f9b0851ebc6e29ddac8b23d019c47b55d4d48be0001664cc2b1cfd328c11a
-
SSDEEP
6144:feRrbPL/QsQk7H4p0HakV/S0iPvzpQ6rFiaI:fALQspo0z6xnzpQ6rF
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-