Extracted

• • Target

    tmulvhhft.def

  • Size

    7.9MB

  • MD5

    ca1c1e010e7ddac258e9dee2625a9657

  • SHA1

    8c674aa81dd1e0ef523516b248682ff1c67c938b

  • SHA256

    a41d5274599dfe60823b477ea0dc20b9c8e9b398d8b287701f8cb02ea605ad84

  • SHA512

    19cea2ce1f1ec136b248cedd8045efdc2b94d59c6b1c01cd52179555dbdcbb3d39e135cdff7db7ba6a0e29546a41907c1f5b9cf159e0261f5ce1fa6f8c2d5642

  • SSDEEP

    98304:0MhrN1tEkygPgPzSWOC0cq8owkp2+ngw2twGzTnVYv9f8nVOl/3Gph8Sxa/L6Iuy:XDQOCIgJnswLEgv32I/gX

  Score

  10^/10

  danabot21bankerdiscoveryspywarestealertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Blocklisted process makes network request

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  behavioral1behavioral2