General
-
Target
fd3cc7e17526fcbb103dc01f2faca1b6acea3be78916781242d679e730cb4a9e.zip
-
Size
219KB
-
Sample
250327-zasjaszly2
-
MD5
79d9fbbeee7146dd42c2677718863184
-
SHA1
03c60a02494239703d05e6f2c1d8a16e39df2a76
-
SHA256
fd3cc7e17526fcbb103dc01f2faca1b6acea3be78916781242d679e730cb4a9e
-
SHA512
6b066d6ee7b161f18d46175c26dd5652a9efef2296520fab1a351351bde80a40ebb9ba12b892d2c60b8919b156c12ff3f44ff2ce5262de32fcacf7d8e043814a
-
SSDEEP
6144:/pgUn6Xt7cEl8uTys9WbWKJK7lHrKC7u2:te7c19K7Z7
Static task
static1
Behavioral task
behavioral1
Sample
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a.js
Resource
win7-20240729-en
Malware Config
Extracted
danabot
Targets
-
-
Target
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a.js
-
Size
1.4MB
-
MD5
58a4f4d720e37e8068e6ebf835f5e37c
-
SHA1
81b196c4175097a2bc639764e71454986060da66
-
SHA256
66b7a497ff759634f91c4a6ae7c0b6fd90cd0c61076e4abc8d2f9166f343805a
-
SHA512
737932aa10d7bdef164441348b21c9b041476ce111ef9ad820c666b03a949589c12baa8fe07ef6db9c0487f8300e765604b27f16abecc04a0a2bb847ca1cc7f6
-
SSDEEP
1536:IEhnxw356jtCqQa+m/qCHPxGZvc8p8KoR0B2OncUhUtO91HnjCimnRZete7PENLR:I5xsWqsW+WLdeiot/lzwDA
-
Danabot family
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-