General
-
Target
03ac48aee2955b42f75b62c563887341a4157e910925e89e6fd6aed32595e1cb
-
Size
1.1MB
-
Sample
221220-xbazjaaf63
-
MD5
4c218215518e8bb6e9b02894ea2f3e46
-
SHA1
b8c23cf7863abcc30bc79191f609c9ee4f9f33d2
-
SHA256
03ac48aee2955b42f75b62c563887341a4157e910925e89e6fd6aed32595e1cb
-
SHA512
9d58653c1c6338bf5323ecf6db0f7c362e60c820ab84d3483b324179588d3261c6479a60cc9bcc1f5d5875e7a7fa1e061a69f9a26b61f358f8d576f5db457b61
-
SSDEEP
24576:ZiD++NvZx/ZlHqO/megPuD3y8ni/V01s5Y2Hkypf+gI1Mz:4D+UZx/39aPuD3ytV01mbKgI1Mz
Malware Config
Targets
-
-
Target
03ac48aee2955b42f75b62c563887341a4157e910925e89e6fd6aed32595e1cb
-
Size
1.1MB
-
MD5
4c218215518e8bb6e9b02894ea2f3e46
-
SHA1
b8c23cf7863abcc30bc79191f609c9ee4f9f33d2
-
SHA256
03ac48aee2955b42f75b62c563887341a4157e910925e89e6fd6aed32595e1cb
-
SHA512
9d58653c1c6338bf5323ecf6db0f7c362e60c820ab84d3483b324179588d3261c6479a60cc9bcc1f5d5875e7a7fa1e061a69f9a26b61f358f8d576f5db457b61
-
SSDEEP
24576:ZiD++NvZx/ZlHqO/megPuD3y8ni/V01s5Y2Hkypf+gI1Mz:4D+UZx/39aPuD3ytV01mbKgI1Mz
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-