General
-
Target
ff48a20d7f33ff96546a5b6e060f6bb570b4e398d77991d720d60ddf4f30f167
-
Size
1.1MB
-
Sample
221221-j2pcysbh57
-
MD5
96e78dc64ec67e77e1738da9b733dc86
-
SHA1
b9dd381c4f1d359ecb73dacd187642db300ab90c
-
SHA256
ff48a20d7f33ff96546a5b6e060f6bb570b4e398d77991d720d60ddf4f30f167
-
SHA512
7533b4fa266e003905638176710aec4203d9f5808505ef4d619eddd4570b2d6b58b99933d976903b60d0b7d23b485778962782f8d84a387316e416dcd62fcaf7
-
SSDEEP
24576:9t5efswmTcnFScbbrTx47QYJkEJvx/4vCAnVGx2qJI/5Zs:9t5ekRQnFzifJ5wa691R
Malware Config
Targets
-
-
Target
ff48a20d7f33ff96546a5b6e060f6bb570b4e398d77991d720d60ddf4f30f167
-
Size
1.1MB
-
MD5
96e78dc64ec67e77e1738da9b733dc86
-
SHA1
b9dd381c4f1d359ecb73dacd187642db300ab90c
-
SHA256
ff48a20d7f33ff96546a5b6e060f6bb570b4e398d77991d720d60ddf4f30f167
-
SHA512
7533b4fa266e003905638176710aec4203d9f5808505ef4d619eddd4570b2d6b58b99933d976903b60d0b7d23b485778962782f8d84a387316e416dcd62fcaf7
-
SSDEEP
24576:9t5efswmTcnFScbbrTx47QYJkEJvx/4vCAnVGx2qJI/5Zs:9t5ekRQnFzifJ5wa691R
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-