General
-
Target
0bb2b15ca73128dbc816ea4ed583119c.exe
-
Size
2.4MB
-
Sample
221219-qkh8yaab4t
-
MD5
0bb2b15ca73128dbc816ea4ed583119c
-
SHA1
17d05964d9208ca1a27fd007ad5f41752cfa893e
-
SHA256
295dfd4608b81ee276a04f1c58d806b7f906695e744cfe8234eca6360c555ca8
-
SHA512
d58afa63c04cb95576e9a7b5ae026dc28526cee7a26c5e829c091356179f4d255503914398dd209c506743ab78f16cb84d862e2f8ae5f43282bfe2a3e7afe375
-
SSDEEP
49152:iXD0rCNQqajG67hoNMT2yt/bnrs/ddS972dXd43qq6auVL4/J+B:iXD0rCNq/Fn7mdS9ydNzpPVecB
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
0bb2b15ca73128dbc816ea4ed583119c.exe
-
Size
2.4MB
-
MD5
0bb2b15ca73128dbc816ea4ed583119c
-
SHA1
17d05964d9208ca1a27fd007ad5f41752cfa893e
-
SHA256
295dfd4608b81ee276a04f1c58d806b7f906695e744cfe8234eca6360c555ca8
-
SHA512
d58afa63c04cb95576e9a7b5ae026dc28526cee7a26c5e829c091356179f4d255503914398dd209c506743ab78f16cb84d862e2f8ae5f43282bfe2a3e7afe375
-
SSDEEP
49152:iXD0rCNQqajG67hoNMT2yt/bnrs/ddS972dXd43qq6auVL4/J+B:iXD0rCNq/Fn7mdS9ydNzpPVecB
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-