General
-
Target
5b37cb232abca4e0345bc66dd7fabd08.exe
-
Size
304KB
-
Sample
221220-lr7snahb79
-
MD5
5b37cb232abca4e0345bc66dd7fabd08
-
SHA1
6e233f50b18eb33ae5f27778a84bc90438b51884
-
SHA256
ae9fc18e886fbf5071040cfe4ca2545ba25492c6fc43b9c10dc7c43520e6360c
-
SHA512
7ca16431ff12628287a15adddca81e92992850593d15a25e9f89203957409f286e89cc4fa05758c060ad61647a0242209c04db31458e440d3f03488e53d908b8
-
SSDEEP
6144:EFLxGE756QHbWUtbxlZlqpQP63QZImQKG0:sVGE96QHKUblWpQQQZW
Malware Config
Extracted
systembc
109.205.214.18:443
Targets
-
-
Target
5b37cb232abca4e0345bc66dd7fabd08.exe
-
Size
304KB
-
MD5
5b37cb232abca4e0345bc66dd7fabd08
-
SHA1
6e233f50b18eb33ae5f27778a84bc90438b51884
-
SHA256
ae9fc18e886fbf5071040cfe4ca2545ba25492c6fc43b9c10dc7c43520e6360c
-
SHA512
7ca16431ff12628287a15adddca81e92992850593d15a25e9f89203957409f286e89cc4fa05758c060ad61647a0242209c04db31458e440d3f03488e53d908b8
-
SSDEEP
6144:EFLxGE756QHbWUtbxlZlqpQP63QZImQKG0:sVGE96QHKUblWpQQQZW
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-