Extracted

• • Target

    sample

  • Size

    19KB

  • MD5

    dcb9d87a83da8972f5cee58389fd1805

  • SHA1

    04288b3a9f36616088c0111bea2473c8a32a9756

  • SHA256

    2ea93fd81425d720cdfcbcccfcc878f16f5e870139e14b851d149679ec82375a

  • SHA512

    2e5cc2973b00f2d9688c4cd051c3b40073828b5e65fbb4cf24f0123a2c262c5bc09e8383d4a27fafd4acc96c380d9b7c646176d4d92c77f337065dd69acbeab3

  • SSDEEP

    384:X6CdeU1ocy4K4lbGaIBvhpNC9CKVlObz6r0sZZfk1xCejiw:XVdZ1ocy4xEaAJpNCCVbz6r0sZBexPiw

  Score

  10^/10

  discoverydanabotfloxifbackdoorbankerbootkitbotnetevasionpersistenceransomwaretrojanupx

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Danabot family

    danabot

  • Danabot x86 payload

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet

  • Floxif family

    floxif

  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif

  • Modifies WinLogon for persistence

    persistence

  • UAC bypass

    evasiontrojan

  • Detects Floxif payload

    backdoor

  • Blocklisted process makes network request

  • Disables Task Manager via registry modification

    evasion

  • Drops file in Drivers directory

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Sets desktop wallpaper using registry

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2