Extracted

• • Target

    c279a62ec30da201ec66c5ff8f4014d2.exe

  • Size

    5.9MB

  • MD5

    c279a62ec30da201ec66c5ff8f4014d2

  • SHA1

    683ddb5789c777fc26fce49e9d2f976f099441e5

  • SHA256

    16b4aafdfea48f7e044ad1420b2d14c936fac2881a3fecca360a9692faac2425

  • SHA512

    80535d41ad8df48820a90dd238513b47b3942ec3a9d34d1fe1f047ac6615f507c70f348751a378dac6688e9a20c2487db2ce163632bef601ab455f5314f0f938

  Score

  10^/10

  danabot3bankerdiscoveryspywarestealertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  behavioral1behavioral2