General
Target: d6432b92be7eb3decbfc25b5e8a1b5c8.exe
Size: 6.1MB
Sample: 210529-7bjxqdn5ja
MD5: d6432b92be7eb3decbfc25b5e8a1b5c8
SHA1: 4283fed9989befe8bcb180cb5e43313d8878cc49
SHA256: eab508f41f98339ead04d09fc47c537e6e1b975f8233127d81196196b974bf27
SHA512: e63bef350f31543ddacb7b58fbbc57c4ff478542333c2603b5bfb09267c69f876c115a8b0160b442ab2b9d8dd8eb57b4e4079a907d391595101c71458ad8bcca
Static task: static1
Behavioral task: behavioral1
Sample: d6432b92be7eb3decbfc25b5e8a1b5c8.exe
Resource: win7v20210410
Malware Config
Extracted
danabot
1827
3
184.95.51.183:443
184.95.51.175:443
192.210.198.12:443
184.95.51.180:443
embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
Targets
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)