General

Target: 489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
Size: 204KB
Sample: 221219-w8qwksag5w
MD5: 38ee8f31847676b1eeaaf48af5a06f79
SHA1: 618b0096c1ab807d96fa939e8ebca4aae6b98ed7
SHA256: bafd2755731e56ecc8842810ae163a42047bbc490143ac54d82b514208a06a67
SHA512: eda3629c6ff2688fd10200595942766a39e844ed382e881760407ac3bd76d51402663480ab88b27bf6383be86f551dae36755a8fc4968f2dc0b0d598d8df6101
SSDEEP: 6144:fHrtwA1iq8LNgeqDGO1oK/xWY321amI15e:fHF1iq8LN4DG4ocx121PIbe

Static task: static1

Behavioral task: behavioral1
Sample: 489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55.exe
Resource: win7-20221111-en

Malware Config

Targets

Target: 489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
Size: 307KB
MD5: ddf6f2c3455fb5f4738536262dd38afe
SHA1: f800d1f0f3b4de746a0663a13a4c8846b041404e
SHA256: 489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
SHA512: 21ffe2954f3c2e42f4400dd3619c9632a8800812c8b9450c5594568ade56e3490b20f4aa0a8684bc53578daa637e7b42055c0771ff20d34e11b91e143899870a
SSDEEP: 6144:Bl5ULz/YGW19tz8bG5geqDGO1oK/Fn77jcJ0iPvzpQ6rFiaI:BY3/YGk9mbG54DG4ocFnixnzpQ6rF

Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext