General
-
Target
3986f058232d8417708c9237dc40e41a.exe
-
Size
6.0MB
-
Sample
210603-1bzjjnb4t6
-
MD5
3986f058232d8417708c9237dc40e41a
-
SHA1
fd0728901999fa233db9ceca11eab6a054a5f976
-
SHA256
99d2fa555047809b0a3d7dbdf27ed83a4aa04de6c989dd1b581393b5cc12ba93
-
SHA512
d1dbe7a4bc1685985d094db266ccd1faf523c5419e6577405bdd1c5161b95b28fe8b467494ae41dbda3ddfd6e300b2b4e22012bbe438f4a2cd437e5295c7f1d4
Malware Config
Extracted
danabot
1827
3
184.95.51.183:443
184.95.51.175:443
192.210.198.12:443
184.95.51.180:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
Targets
-
-
Target
3986f058232d8417708c9237dc40e41a.exe
-
Size
6.0MB
-
MD5
3986f058232d8417708c9237dc40e41a
-
SHA1
fd0728901999fa233db9ceca11eab6a054a5f976
-
SHA256
99d2fa555047809b0a3d7dbdf27ed83a4aa04de6c989dd1b581393b5cc12ba93
-
SHA512
d1dbe7a4bc1685985d094db266ccd1faf523c5419e6577405bdd1c5161b95b28fe8b467494ae41dbda3ddfd6e300b2b4e22012bbe438f4a2cd437e5295c7f1d4
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-