General
-
Target
985accff31e9b31ca717712c2ca1d291586378c382f5f97dfb5329f6abac0698
-
Size
1.1MB
-
Sample
211021-d2wt5shgf4
-
MD5
d0ce15e58772ed3b4422cbfe93b5e4d1
-
SHA1
fa6672fc609a79b646608b6b4074cbc77c4377cf
-
SHA256
985accff31e9b31ca717712c2ca1d291586378c382f5f97dfb5329f6abac0698
-
SHA512
f804b8331baf6accd17887a217660b8c500bd35c80925dda2e0239acbf811679ba99d9151bf8478055e576c6dd1bc2001b4521ffbc57f58b8b02c6c784f013fc
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
985accff31e9b31ca717712c2ca1d291586378c382f5f97dfb5329f6abac0698
-
Size
1.1MB
-
MD5
d0ce15e58772ed3b4422cbfe93b5e4d1
-
SHA1
fa6672fc609a79b646608b6b4074cbc77c4377cf
-
SHA256
985accff31e9b31ca717712c2ca1d291586378c382f5f97dfb5329f6abac0698
-
SHA512
f804b8331baf6accd17887a217660b8c500bd35c80925dda2e0239acbf811679ba99d9151bf8478055e576c6dd1bc2001b4521ffbc57f58b8b02c6c784f013fc
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-