General
-
Target
c279a62ec30da201ec66c5ff8f4014d2.exe
-
Size
5.9MB
-
Sample
210429-njs4jp3p76
-
MD5
c279a62ec30da201ec66c5ff8f4014d2
-
SHA1
683ddb5789c777fc26fce49e9d2f976f099441e5
-
SHA256
16b4aafdfea48f7e044ad1420b2d14c936fac2881a3fecca360a9692faac2425
-
SHA512
80535d41ad8df48820a90dd238513b47b3942ec3a9d34d1fe1f047ac6615f507c70f348751a378dac6688e9a20c2487db2ce163632bef601ab455f5314f0f938
Malware Config
Extracted
danabot
1827
3
192.236.147.83:443
184.95.51.175:443
23.106.123.141:443
23.254.225.170:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
c279a62ec30da201ec66c5ff8f4014d2.exe
-
Size
5.9MB
-
MD5
c279a62ec30da201ec66c5ff8f4014d2
-
SHA1
683ddb5789c777fc26fce49e9d2f976f099441e5
-
SHA256
16b4aafdfea48f7e044ad1420b2d14c936fac2881a3fecca360a9692faac2425
-
SHA512
80535d41ad8df48820a90dd238513b47b3942ec3a9d34d1fe1f047ac6615f507c70f348751a378dac6688e9a20c2487db2ce163632bef601ab455f5314f0f938
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-