General

  • Target

    337d48261da1a0b48edd2c66991d1ac2.bin

  • Size

    6.1MB

  • Sample

    240623-by4pgayapj

  • MD5

    4bb5c2efc4301d3a4dadcba441cf76bc

  • SHA1

    044bd6cd5de03bc835b6423e06b1353b6f588dff

  • SHA256

    27d5d9978ea97ca23cf5c2a3dd5be5ec32e0fa10596caae3d888de8fd7e328fb

  • SHA512

    40c39ac5b17298e89fe5bb75a36b68478f6b6e2b66dd106aeff451804b113912eee40b492106a0a70eb4962dae5904768be7728b1c5e5c9d0ad71cffb42097a7

  • SSDEEP

    98304:YUYkQBt8Km/IIRc9zAYVJCUTOP3ufaV5iEWR6H5YpcNPz/9P+Qhn7J0koY:FQBzOIacLs4OP3P5AR6HoY9/JJ

Malware Config

Extracted

Family

danabot

Attributes
  • type

    loader

Targets

    • Target

      5225d9f8fde5e11240a7035a6988b7ee3ffca419eea8ca473e845ba0502bad3b.exe

    • Size

      6.1MB

    • MD5

      337d48261da1a0b48edd2c66991d1ac2

    • SHA1

      b04bef931efdc0ff889d84461ad97dac48fee4fc

    • SHA256

      5225d9f8fde5e11240a7035a6988b7ee3ffca419eea8ca473e845ba0502bad3b

    • SHA512

      aeb55d66a63fc57c04644c8ff33fe640ebe4ed9245677b653c2319bd1d94de86e3623d742591301f0ba712614dd1ac42a6a238360c94b36f56e981d4821ed59a

    • SSDEEP

      196608:rKppFEfoHJbI9Q0mOOZJYi3SGilZfjadonLE:rK7FtbIfQD9MfGdonL

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks