General
-
Target
9a7db2d65e31976cd21e523c7057dff3.exe
-
Size
5.8MB
-
Sample
210409-jx6tbqvwna
-
MD5
9a7db2d65e31976cd21e523c7057dff3
-
SHA1
87592aed0ef32252b679bf1acd980bac28238fb6
-
SHA256
96bffd270b414da3f4efdc93714b11ea02f8b882f4a1368d58d976541a4f5f56
-
SHA512
8b89116319be53c7c531710b6aa36a7f80e6034a8d9642585a79c2e5182393bfb6350ad3be57ab0f9600fb51d79cd6e9f63c53e3719b8cfcde7e659f5d0cd3bc
Malware Config
Extracted
danabot
1827
3
23.106.123.249:443
23.106.123.141:443
23.254.225.170:443
134.119.186.216:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
9a7db2d65e31976cd21e523c7057dff3.exe
-
Size
5.8MB
-
MD5
9a7db2d65e31976cd21e523c7057dff3
-
SHA1
87592aed0ef32252b679bf1acd980bac28238fb6
-
SHA256
96bffd270b414da3f4efdc93714b11ea02f8b882f4a1368d58d976541a4f5f56
-
SHA512
8b89116319be53c7c531710b6aa36a7f80e6034a8d9642585a79c2e5182393bfb6350ad3be57ab0f9600fb51d79cd6e9f63c53e3719b8cfcde7e659f5d0cd3bc
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-