General

Target: 8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
Size: 142KB
Sample: 221219-xr9sssfg67
MD5: 0566de89b6938bdbebc11151b241bf81
SHA1: e5a65e188a276a3e979ab188b946f8f5a7dbef20
SHA256: 7c790cb2f253102366ed85cc6c3f765a29116b33ec26a91d2ba57a66e6940ee4
SHA512: dc3a848d911f67b994e6b06f08c73260ce64013ac0d3be8112d55a238aa9ca8766a864b85c58dbfa7cc0421ad99eac8f86bdf1f75705ef7506b70dafcf637ec3
SSDEEP: 3072:Sf/ex0ijE5mgX1W0MuyTNfAVxAv2b76qVnqyXktyKYI2AOzjlJ8jgaXmx6AHq:E2miI518Fu2Y7Av2HdROyI2AkjlJ8j71

Note: the SHA256 given here (7c790cb2...) is not the SHA256 that the target is named after. The 142KB object hashed in this block is a different file from the 215KB PE listed under Targets, whose SHA256 equals the name 8a2d5eb9... When pulling the sample, check which of the two hash sets the file you hold actually matches.
Static task: static1
Behavioral task: behavioral1
Sample: 8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe
Resource: win7-20220812-en
Malware Config

Targets

Target: 8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
Size: 215KB
MD5: 3b17f10ec44f19f0e4e05fb5c3d5fb20
SHA1: 9afeff022ddd92b6dac4017dcc272a1497820105
SHA256: 8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
SHA512: bd4eb7e6ca93544df0f75a18530292aaed0e02e2e42bfe0961d5e8f1a9bcbf5404e6f5799bec59cb33dd84a5b827195cc7fc961df07ca0632b18783e20955d15
SSDEEP: 3072:JekQL87GOaRWHf7ucni1rKjsECwfMIawaNRAtOba+lhgjcbImdzmuX:JLQL8GoHTuc8e7CR/30agjcbXF
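The page lists two hash sets that belong to two different files (142KB under General, 215KB under Targets). The following Python is an added example, not part of the report or of the sandbox's tooling: it hashes a file once for all four algorithms and tells you which of the two hash sets it matches. The digest values are copied from this page; the function names and the two labels are the example's own.

```python
import hashlib
import sys
from typing import BinaryIO, Dict, Optional, Union

# Digests copied from this report. The "General" block describes a 142KB file
# (SHA256 7c790cb2...); the "Targets" block describes the 215KB PE whose
# SHA256 is the target name (8a2d5eb9...). They are two different files.
REPORT_HASHES = {
    "General block (142KB)": {
        "md5": "0566de89b6938bdbebc11151b241bf81",
        "sha1": "e5a65e188a276a3e979ab188b946f8f5a7dbef20",
        "sha256": "7c790cb2f253102366ed85cc6c3f765a29116b33ec26a91d2ba57a66e6940ee4",
        "sha512": "dc3a848d911f67b994e6b06f08c73260ce64013ac0d3be8112d55a238aa9ca8766a864b85c58dbfa7cc0421ad99eac8f86bdf1f75705ef7506b70dafcf637ec3",
    },
    "Targets block (215KB PE)": {
        "md5": "3b17f10ec44f19f0e4e05fb5c3d5fb20",
        "sha1": "9afeff022ddd92b6dac4017dcc272a1497820105",
        "sha256": "8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820",
        "sha512": "bd4eb7e6ca93544df0f75a18530292aaed0e02e2e42bfe0961d5e8f1a9bcbf5404e6f5799bec59cb33dd84a5b827195cc7fc961df07ca0632b18783e20955d15",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: Union[bytes, bytearray, BinaryIO], chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute every digest in ALGOS in a single pass over bytes or a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    if isinstance(data, (bytes, bytearray)):
        blocks = [bytes(data)]
    else:
        # read(chunk) until it returns b"" at EOF; keeps memory flat on big files
        blocks = iter(lambda: data.read(chunk), b"")
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match; tolerant of upper-case or padded values pasted from a report."""
    return {name: actual[name] == expected[name].strip().lower()
            for name in ALGOS if name in expected}


def identify(data: Union[bytes, bytearray, BinaryIO]) -> Optional[str]:
    """Return the label of the report entry whose four digests all match, else None."""
    actual = digest_all(data)
    for label, expected in REPORT_HASHES.items():
        if all(compare(actual, expected).values()):
            return label
    return None


def identify_file(path: str) -> Optional[str]:
    with open(path, "rb") as fh:
        return identify(fh)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "->", identify_file(path) or "matches neither hash set on this page")
```

Run it with the file paths as arguments. A file that matches none of the four digests of either block is not the sample this report describes, whatever its name says; a partial match (say MD5 only) is a strong hint of a transcription error in the pasted value rather than a real collision, and `compare` lets you see which algorithm disagreed.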
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
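The "Checks installed software on the system" signature is triggered by a process reading entries under the registry's Uninstall key. As an added example (not the sandbox's own signature logic), the Python below picks that pattern out of Procmon-style registry events: it groups reads of `...\CurrentVersion\Uninstall\<entry>` by process and flags processes that touch several distinct entries. The event lines are constructed for the example, and the threshold and allowlist are assumptions to tune locally, because installers, the shell and inventory agents legitimately read the same keys.

```python
import csv
import io
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed Procmon-style registry events (not taken from the report).
# The sample process probes several Uninstall\<entry> subkeys in a row,
# which is the behaviour behind "Checks installed software on the system".
SAMPLE_EVENTS = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"10:00:01.0001","8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"
"10:00:01.0002","8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe","1234","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"
"10:00:01.0003","8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}\DisplayName","SUCCESS"
"10:00:01.0004","8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe","1234","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS"
"10:00:01.0005","8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","NAME NOT FOUND"
"10:00:02.0000","explorer.exe","800","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayIcon","SUCCESS"
'''

# Captures the entry directly under ...\CurrentVersion\Uninstall\, whether the
# path is under HKLM, HKCU or the WOW6432Node view. Opening or enumerating the
# Uninstall key itself (no entry after it) does not match on purpose.
UNINSTALL_ENTRY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegQueryKey"}


def uninstall_entries_by_process(csv_text: str) -> Dict[Tuple[str, str], Set[str]]:
    """Map (process name, PID) to the set of Uninstall entries it read.

    A NAME NOT FOUND result still counts: the probe is the signal, whether or
    not the product happens to be installed on this machine.
    """
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        match = UNINSTALL_ENTRY.search(row["Path"])
        if match:
            seen[(row["Process Name"], row["PID"])].add(match.group(1).lower())
    return seen


def find_software_enumerators(
    csv_text: str,
    threshold: int = 3,  # assumed cut-off; one or two reads are routine
    allowlist=frozenset({"explorer.exe", "msiexec.exe"}),  # assumed benign readers
) -> Dict[str, List[str]]:
    """Return 'name:pid' -> sorted Uninstall entries for processes at or over the threshold."""
    hits: Dict[str, List[str]] = {}
    for (proc, pid), entries in uninstall_entries_by_process(csv_text).items():
        if proc.lower() in allowlist or len(entries) < threshold:
            continue
        hits[f"{proc}:{pid}"] = sorted(entries)
    return hits


if __name__ == "__main__":
    for proc, entries in find_software_enumerators(SAMPLE_EVENTS).items():
        print(proc, "read", len(entries), "Uninstall entries:", entries)
```

Counting distinct entries per process, rather than raw event volume, is what separates an inventory sweep from a single product looking up its own uninstall string. Keep the allowlist short and name-plus-path based in production; a dropped EXE can be named anything, which is why the process name alone is not trusted here beyond the allowlist check.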