General

  • Target

    634d5613968229e1bf69e36703104763164799bd3f649db2568626733375c846

  • Size

    1.1MB

  • Sample

    221220-tzs88sac86

  • MD5

    2233bf6bf909427c24e6380f3f48a681

  • SHA1

    4229b41b0601de8f24080c098d804d6948c9d10c

  • SHA256

    634d5613968229e1bf69e36703104763164799bd3f649db2568626733375c846

  • SHA512

    7aa545902953f4d90ed790cd08cf8f58a3b49d84514d352350b24423dd0ca5e51107a02b95176b600a8d74f89645fd56a5c0a4fbb12dae3c39578f5516a80bbe

  • SSDEEP

    24576:8D0QOfugk3s1cjhG2nKnm4qVsz5fdYvbGRN8Mi12:D9yScNG22qVsdfy0mMi12

Malware Config

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks