General
-
Target
8f4070594e2008388c46be164a59d9ae.exe
-
Size
1.1MB
-
Sample
221220-lxswpacd2w
-
MD5
8f4070594e2008388c46be164a59d9ae
-
SHA1
bbbfde91f46f1bbfc8139bdd1d44e7a22e185b69
-
SHA256
37b5287743c5de46c17952589bdc3632a5083450f799f6c8f314afa613f4ae34
-
SHA512
2897cdbe665f83cebe00fbffa91a0674c756a12fa8ff2da0dba32fb7076bf286cc0d1e17f8ab50dcbc456365ef85caca56b318d9bf50e32b0ee1e1cb3b7ebfb8
-
SSDEEP
24576:D4MwERrcsuCg2luv/4QwWU7kTV4t83ZUcwFP:MhMcsBl2whOHUDFP
Malware Config
Targets
-
-
Target
8f4070594e2008388c46be164a59d9ae.exe
-
Size
1.1MB
-
MD5
8f4070594e2008388c46be164a59d9ae
-
SHA1
bbbfde91f46f1bbfc8139bdd1d44e7a22e185b69
-
SHA256
37b5287743c5de46c17952589bdc3632a5083450f799f6c8f314afa613f4ae34
-
SHA512
2897cdbe665f83cebe00fbffa91a0674c756a12fa8ff2da0dba32fb7076bf286cc0d1e17f8ab50dcbc456365ef85caca56b318d9bf50e32b0ee1e1cb3b7ebfb8
-
SSDEEP
24576:D4MwERrcsuCg2luv/4QwWU7kTV4t83ZUcwFP:MhMcsBl2whOHUDFP
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Modifies visibility of file extensions in Explorer
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-