General
- Target: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
- Size: 141KB
- Sample: 221219-yn7ppsfh86
- MD5: 0c750cef4490b810ed5f735bcd838e3a
- SHA1: c322c0c03fa15a7c8dff01caf2e592d3d782ed08
- SHA256: 098612c1426f8c912222d73b116b41236c7197fccc5c379f89ae0bfe00cc788f
- SHA512: feff92cb8d9a35d2a49ca141f5ce7789e9cb01c90e10f231eeb5687d1fa4f747e67f8c13ad04cfd83e55d56abcc7fc3f172d88ff7a2f4bb2c827946c606751b0
- SSDEEP: 3072:BxRTSmvluynIAzyG8VLaijrrCr5gbmOt+y0E:BxJSmvvIg1OaAry5gbmKv
Static task: static1
Behavioral task: behavioral1
Sample: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5.exe
Resource: win7-20221111-en
Malware Config
Targets
- Target: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
- Size: 214KB
- MD5: 59299a2e1bb32ca5875b197e7d2d339f
- SHA1: a081d3d73d8c39bf9049632af2a7a3e8a360165c
- SHA256: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
- SHA512: 51562dc2e31b65ed77c4a404ab325f28e03d673a95079720be9ac1d43234228f16ddb8f0521fbe7980b2aa96051093037e6502b7dcea0e5244e8c16099928626
- SSDEEP: 3072:Y3BWLxxIaRRRdZoQt0nemkBAq2muZGVaNRAtOba+A3+9jcbImdzmuX:YRWLxx5Zx0emc/00nQjcbXF
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext