General
-
Target
3ef99fba02debc2ef81f3011f86a1372exe_JC.exe
-
Size
279KB
-
Sample
231005-vbk4dscg5v
-
MD5
3ef99fba02debc2ef81f3011f86a1372
-
SHA1
5b21a1779d69466f3a69623fa64c244f6b890332
-
SHA256
f57dab60885da9213f24b4896129182cb29ad3bd7be194685b68d61e6357188b
-
SHA512
5a873f1d1342d739d0cd3d6adc5b59ef08f4a0a9cc81e10a18cc6e7c57db0c673b8520c5ae526e51340f6d17a1c870ca314fa983350b1adb9ab910ca851cd990
-
SSDEEP
3072:iwX3rFrz0c5qakoZLBP0xwx9bc82oO2SmQo38iC296Er621QZCjTX5ityt87hX9:X5rz35qakKp0xwXt2oOz2M57Er62Sty
Malware Config
Targets
-
-
Target
3ef99fba02debc2ef81f3011f86a1372exe_JC.exe
-
Size
279KB
-
MD5
3ef99fba02debc2ef81f3011f86a1372
-
SHA1
5b21a1779d69466f3a69623fa64c244f6b890332
-
SHA256
f57dab60885da9213f24b4896129182cb29ad3bd7be194685b68d61e6357188b
-
SHA512
5a873f1d1342d739d0cd3d6adc5b59ef08f4a0a9cc81e10a18cc6e7c57db0c673b8520c5ae526e51340f6d17a1c870ca314fa983350b1adb9ab910ca851cd990
-
SSDEEP
3072:iwX3rFrz0c5qakoZLBP0xwx9bc82oO2SmQo38iC296Er621QZCjTX5ityt87hX9:X5rz35qakKp0xwXt2oOz2M57Er62Sty
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-