General
-
Target
c381be74503802df85c2eeeee364af5b.exe
-
Size
215KB
-
Sample
221221-jlyxfseh9s
-
MD5
c381be74503802df85c2eeeee364af5b
-
SHA1
c9758f326774a055ef4ea3d8a5ce2efff1f724c1
-
SHA256
af15f13244a94810f88fb859feffdcdd6793c1eb7298e71060f7181fc6f76e8b
-
SHA512
54d879d369edde5f8a11f533d9186cdd92f7c4510a47f210973af49a3502896ca0c20b6074bfc14bfa4eb01aa41ee1957f46aa58562d082c318cc7438118f274
-
SSDEEP
3072:A48kYLJGV5NnPEOpAc6cYc7istOV8A7b/PHrNyAC8skNHCDml:n8xLJkPEOpAhlc71tI8QHHrNCa
Malware Config
Targets
-
-
Target
c381be74503802df85c2eeeee364af5b.exe
-
Size
215KB
-
MD5
c381be74503802df85c2eeeee364af5b
-
SHA1
c9758f326774a055ef4ea3d8a5ce2efff1f724c1
-
SHA256
af15f13244a94810f88fb859feffdcdd6793c1eb7298e71060f7181fc6f76e8b
-
SHA512
54d879d369edde5f8a11f533d9186cdd92f7c4510a47f210973af49a3502896ca0c20b6074bfc14bfa4eb01aa41ee1957f46aa58562d082c318cc7438118f274
-
SSDEEP
3072:A48kYLJGV5NnPEOpAc6cYc7istOV8A7b/PHrNyAC8skNHCDml:n8xLJkPEOpAhlc71tI8QHHrNCa
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-