General
-
Target
57462a03024056258e2b9979d50efb16e30ecdab9e9cda9bc7e7e62fd6a694bb
-
Size
1.1MB
-
Sample
221220-3bj54aed6y
-
MD5
cefdeeedeae94644485f2f7b17479059
-
SHA1
98875840acd3da6fd699b3b8b96aa3cfa1796580
-
SHA256
57462a03024056258e2b9979d50efb16e30ecdab9e9cda9bc7e7e62fd6a694bb
-
SHA512
f52f8484a03dcf4d57e6f43ce46effa301ae5ab580000cd03a6d6587678c1c3a6b6ed9e289d915e342e506aa9ea46e66eec039a0db2f82d53d020bf33bb8f6c4
-
SSDEEP
12288:PSnF2P2yBuTM2Hc0jRlXzSw29b7E3uhpmHuibF6Uado5tmA8Kr84go6Iw85UCR4B:3P1cMCJjnf2R7HpswkFr8vh6R4nepu
Malware Config
Targets
-
-
Target
57462a03024056258e2b9979d50efb16e30ecdab9e9cda9bc7e7e62fd6a694bb
-
Size
1.1MB
-
MD5
cefdeeedeae94644485f2f7b17479059
-
SHA1
98875840acd3da6fd699b3b8b96aa3cfa1796580
-
SHA256
57462a03024056258e2b9979d50efb16e30ecdab9e9cda9bc7e7e62fd6a694bb
-
SHA512
f52f8484a03dcf4d57e6f43ce46effa301ae5ab580000cd03a6d6587678c1c3a6b6ed9e289d915e342e506aa9ea46e66eec039a0db2f82d53d020bf33bb8f6c4
-
SSDEEP
12288:PSnF2P2yBuTM2Hc0jRlXzSw29b7E3uhpmHuibF6Uado5tmA8Kr84go6Iw85UCR4B:3P1cMCJjnf2R7HpswkFr8vh6R4nepu
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-