General
-
Target
5c1d1f9af1f90003d08803b341d23c69.exe
-
Size
5.9MB
-
Sample
210428-9aqv7s7j4a
-
MD5
5c1d1f9af1f90003d08803b341d23c69
-
SHA1
323a3f7c38867632b1b3869357a09347e5bb15e0
-
SHA256
e7fc3d52074354612f8556b08284e769ba1fa0eb6e370414a163183ac7e3c9cd
-
SHA512
2e60162059a2cad4ecd1fb2afeeb1feed64f2109d1f5110439266249f71d6555ffe2934de1270ed909be8e1cd4adc2bba78e9868d25d7f5785aa05ff3a01b8a0
Malware Config
Extracted
danabot
1827
3
23.106.123.141:443
23.106.123.185:443
37.220.31.94:443
192.210.198.12:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
5c1d1f9af1f90003d08803b341d23c69.exe
-
Size
5.9MB
-
MD5
5c1d1f9af1f90003d08803b341d23c69
-
SHA1
323a3f7c38867632b1b3869357a09347e5bb15e0
-
SHA256
e7fc3d52074354612f8556b08284e769ba1fa0eb6e370414a163183ac7e3c9cd
-
SHA512
2e60162059a2cad4ecd1fb2afeeb1feed64f2109d1f5110439266249f71d6555ffe2934de1270ed909be8e1cd4adc2bba78e9868d25d7f5785aa05ff3a01b8a0
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-