Extracted

• • Target

    e496a2012a67bead17a4b47cae40729a.exe

  • Size

    6.0MB

  • MD5

    e496a2012a67bead17a4b47cae40729a

  • SHA1

    45e5362e9e0b00ed469259c633b0505d4486c587

  • SHA256

    db8220cbd62d1046db60abc9af4d4218c1a5b4193e970f19fcec7e67d58a1292

  • SHA512

    b4c51aada78c8c9c689101a6212b1c55211b7ec9bf555f390963f75b0e4369db475d4c1ce992b63cae177d38c8c7e3cac34db30af9eacd83be2d60c31b16fbd8

  Score

  10^/10

  danabot3bankerdiscoveryspywarestealertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  behavioral1behavioral2