SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625

General
Target

SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625

Size

5MB

Sample

210409-7knphldxgs

Score
10 /10
MD5

54045155dcc1fee52ad9c969d7d5386d

SHA1

7b18b20697781ffcc2ee35b1d742b8e13ecfcb53

SHA256

5603b9b42a3fbac96324add022a3f433487d0beed0c56adb791d19d08af887e1

SHA512

df4cbcad31199659e04f76db8a8b00aff1fa00935e1a78d0269b55fc0aab474c52bfb4539e4fb8ab96ba2e2a292157507934988fa76799b459d2c7934aabf3cf

Malware Config

Extracted

Family danabot
Version 1827
Botnet 3
C2

193.34.167.88:443

192.210.198.12:443

23.81.246.201:443

192.3.26.107:443

Attributes
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
rsa_pubkey.plain
rsa_pubkey.plain
Targets
Target

SecuriteInfo.com.Trojan.PWS.Stealer.30255.24265.28625

MD5

54045155dcc1fee52ad9c969d7d5386d

Filesize

5MB

Score
10 /10
SHA1

7b18b20697781ffcc2ee35b1d742b8e13ecfcb53

SHA256

5603b9b42a3fbac96324add022a3f433487d0beed0c56adb791d19d08af887e1

SHA512

df4cbcad31199659e04f76db8a8b00aff1fa00935e1a78d0269b55fc0aab474c52bfb4539e4fb8ab96ba2e2a292157507934988fa76799b459d2c7934aabf3cf

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Drops desktop.ini file(s)

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation