General
-
Target
6774ec5a9e8b31e5d114416d6a30cffee3f188eafa8f4791221b87fbc86eafe9.zip
-
Size
1.2MB
-
Sample
250326-g4vawayvc1
-
MD5
cf6f596373a30848b0cd4ddf2aa698fa
-
SHA1
671250e987a51c3ea2dfc00f7d23ff1496f0fa85
-
SHA256
6774ec5a9e8b31e5d114416d6a30cffee3f188eafa8f4791221b87fbc86eafe9
-
SHA512
69cad189e5baa45e041d4bea39d32d636ab6632bee5d18e353ec8d468797a1b03174b21ceae13adf060d4f187173aef592689a5cb6bfbf6f7f562abb436b42e4
-
SSDEEP
24576:Jwcb2Vdyo6Ij78LvpWd9EV12cUV1SLx+5cYhlOiYjQJy0zN4dW:JTb2rb6xdWk1cG05cYhlOv0JbqdW
Static task
static1
Behavioral task
behavioral1
Sample
5771d87528058ce56e7770dbda6d3bb8970197e83e52dcd4914932ce792d9b8f.js
Resource
win7-20240903-en
Malware Config
Extracted
danabot
Targets
-
-
Target
5771d87528058ce56e7770dbda6d3bb8970197e83e52dcd4914932ce792d9b8f.js
-
Size
8.4MB
-
MD5
8c0df25a2dd52747f1a23b1b2bf12ca5
-
SHA1
16c5ed299aecdaedd667b8f0ed7b3a3fdf6b5bb3
-
SHA256
5771d87528058ce56e7770dbda6d3bb8970197e83e52dcd4914932ce792d9b8f
-
SHA512
081ddbe43059136199584542dc937c6470510c5be34b0a8ecce124913e8c0718cd37de379ef24475cba80c632e0317f45afd2b8bc7077e6d7eeadccc77180d03
-
SSDEEP
3072:CzaGza6zaXzazza2+r+l+GKze7n6FOfljZZH:CzaGza6zaXzazza2+r+l+GK/ajZF
-
Danabot family
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-