General

- Target: Crypt C.dll
- Size: 5.5MB
- Sample: 250318-pngc3swpt7
- MD5: 8d252f7a6ff4f929d86cf7feb95a5b08
- SHA1: fa67e72ea1f9a6018407490359007022c784bdf8
- SHA256: 46a1eec81e8b0d889b6fde07a85405874d4b21da998b34e8b91fd852d1ddb458
- SHA512: 297ab8de6d887c1807bbbb49a04fe83c74874bf8647ab16e69f1680551c4dc50153affc92395c6c0705309df33a035c3368eba67d17220562f3c8c98a5c27f29
- SSDEEP: 98304:DW0704A7pKmwDNRdBYaAGmOGio38um37R6BJZO4A5cfebV/FkZQ:DW044gnwPnbAGmO83OR6BJZ9ATF
Static task: static1

Behavioral task: behavioral1
- Sample: Crypt C.dll
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: Crypt C.dll
- Resource: win10v2004-20250314-en
Malware Config

Extracted: danabot
- type: loader
Targets

- Target: Crypt C.dll
- Size: 5.5MB
- Danabot family
- Modifies visibility of file extensions in Explorer
- Blocklisted process makes network request
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Authentication Process (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Modify Authentication Process (1)
- Steal Web Session Cookie (1)
- Unsecured Credentials (2)
  - Credentials In Files (1)
  - Credentials in Registry (1)