General

  • Target

    lapov.exe

  • Size

    1.1MB

  • Sample

    221219-t25eaaae7t

  • MD5

    8f4070594e2008388c46be164a59d9ae

  • SHA1

    bbbfde91f46f1bbfc8139bdd1d44e7a22e185b69

  • SHA256

    37b5287743c5de46c17952589bdc3632a5083450f799f6c8f314afa613f4ae34

  • SHA512

    2897cdbe665f83cebe00fbffa91a0674c756a12fa8ff2da0dba32fb7076bf286cc0d1e17f8ab50dcbc456365ef85caca56b318d9bf50e32b0ee1e1cb3b7ebfb8

  • SSDEEP

    24576:D4MwERrcsuCg2luv/4QwWU7kTV4t83ZUcwFP:MhMcsBl2whOHUDFP

Malware Config

Targets

    • Target

      lapov.exe

    • Size

      1.1MB

    • MD5

      8f4070594e2008388c46be164a59d9ae

    • SHA1

      bbbfde91f46f1bbfc8139bdd1d44e7a22e185b69

    • SHA256

      37b5287743c5de46c17952589bdc3632a5083450f799f6c8f314afa613f4ae34

    • SHA512

      2897cdbe665f83cebe00fbffa91a0674c756a12fa8ff2da0dba32fb7076bf286cc0d1e17f8ab50dcbc456365ef85caca56b318d9bf50e32b0ee1e1cb3b7ebfb8

    • SSDEEP

      24576:D4MwERrcsuCg2luv/4QwWU7kTV4t83ZUcwFP:MhMcsBl2whOHUDFP

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks