General
-
Target
6f5910e79ae771bed168aca6be422a8e
-
Size
6.1MB
-
Sample
210614-f4dgdpw29j
-
MD5
6f5910e79ae771bed168aca6be422a8e
-
SHA1
b5eb4fe8c5a47d16b63edaa20a39c5ac17a084ba
-
SHA256
eae0803cd488c0649931c48e816c807dd1c6149a9f975dc68189f600af403114
-
SHA512
8a58a9df6d11275067cba53ce6d28c7b9ef3d62b30768ed04cc3d2460f15404566ed81faafc887de755dbc473330199b985701842ee83aa43cb2b1c46fb17002
Static task
static1
Behavioral task
behavioral1
Sample
6f5910e79ae771bed168aca6be422a8e.exe
Resource
win7v20210410
Malware Config
Extracted
danabot
1827
3
192.210.198.12:443
37.220.31.50:443
184.95.51.183:443
184.95.51.175:443
-
embedded_hash
410EB249B3A3D8613B29638D583F7193
Targets
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-