General

  • Target

    a4eaffeaa8d3e7d97e5f07910eaab89e6b2af55672590a2bebf23982c489aee7.exe

  • Size

    18.8MB

  • Sample

    241130-yktnnsxmej

  • MD5

    ca0779d9e66bc107c13c0479b9fed977

  • SHA1

    e7c5ef7ec390aad8fc2b2e1edf470181e9f524f3

  • SHA256

    a4eaffeaa8d3e7d97e5f07910eaab89e6b2af55672590a2bebf23982c489aee7

  • SHA512

    3cddef7bf9f7308f444e47865858d9591de6ff37009d1b58a441cd5ba78342a1908c8ae91450eaaa671f746d08cfb227f6a397a7479c9576fa9c4c6faf990901

  • SSDEEP

    98304:JicU/ooWRbog8zGnUVB1ucXzVcQedKvPaW7IXHUcPUljApAYA6dw3:I9VBocXzpPl7IXUcPUlGA

Malware Config

Extracted

Family

danabot

Attributes
  • type

    loader

Targets

    • Target

      a4eaffeaa8d3e7d97e5f07910eaab89e6b2af55672590a2bebf23982c489aee7.exe

    • Size

      18.8MB

    • MD5

      ca0779d9e66bc107c13c0479b9fed977

    • SHA1

      e7c5ef7ec390aad8fc2b2e1edf470181e9f524f3

    • SHA256

      a4eaffeaa8d3e7d97e5f07910eaab89e6b2af55672590a2bebf23982c489aee7

    • SHA512

      3cddef7bf9f7308f444e47865858d9591de6ff37009d1b58a441cd5ba78342a1908c8ae91450eaaa671f746d08cfb227f6a397a7479c9576fa9c4c6faf990901

    • SSDEEP

      98304:JicU/ooWRbog8zGnUVB1ucXzVcQedKvPaW7IXHUcPUljApAYA6dw3:I9VBocXzpPl7IXUcPUlGA

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks