General
Target: 10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
Size: 204KB
Sample: 221219-xhb56sfg32
MD5: 091998b01f804ea304fd78faad52f981
SHA1: 5dde7b9699fe62ba91f4d41d6ca659ed1d4a7444
SHA256: 92f9d8bf36f047062359ea5a3966bd67bce38109afb95ba2c131e9a444e577ab
SHA512: 387c23b873c1560517190a7300a2c08672b01bf3d7337a131e62fc68d4ffe0a7d86da221be4c965dc6f4bb3e2333be21b749832abfc3a5de0b17efbffa38bbe7
SSDEEP: 3072:v2E5Pc5+oBkAVuFO+NNv2UQLTYs1DfoFBmF0zj0+0fVhU6LA+26Szr1VkiM86kiF:v2P5+foU5QN5AjzA+0fpLA+26UfkZZF
Static task
static1
Behavioral task
behavioral1
Sample
10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21.exe
Resource
win7-20220812-en
Malware Config
Targets
Target: 10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
Size: 306KB
MD5: f7ea58fd88a74d2ae69347cff426747b
SHA1: 96de6d8700a1e8cf0cee0242799704f974ea94ee
SHA256: 10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
SHA512: b7277938a9f425587e092a8d27065a429bca826d3a83409dbf0bbec6ae07ecbc8cdd1ad7c32ad8aeaf32277e41202662a64485a7e79b5c0ba8bb27ad74484727
SSDEEP: 6144:5CfALtfX0FlgFP8QN5ASLsCVf0iPvzpQ6rFiaI:5xxfXUm8QNWSL3hxnzpQ6rF

Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext