General
-
Target
32d1507a7c046409634c823d251020502e6d7be05b4dea69d6a977a03e54364f
-
Size
1.2MB
-
Sample
211022-ses73abge6
-
MD5
8407c5f1cd726391cd6cd26d49ee90b1
-
SHA1
09740f964d998da73c0a26ed463d9063bee282c6
-
SHA256
32d1507a7c046409634c823d251020502e6d7be05b4dea69d6a977a03e54364f
-
SHA512
cd85597e1f3eb942ccb28d03258c5233259b05fc300d842173988ef10733d52eb3ee39417ea4a758c0febc842094247059b37e5d09529256a6716d15e376d16c
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
32d1507a7c046409634c823d251020502e6d7be05b4dea69d6a977a03e54364f
-
Size
1.2MB
-
MD5
8407c5f1cd726391cd6cd26d49ee90b1
-
SHA1
09740f964d998da73c0a26ed463d9063bee282c6
-
SHA256
32d1507a7c046409634c823d251020502e6d7be05b4dea69d6a977a03e54364f
-
SHA512
cd85597e1f3eb942ccb28d03258c5233259b05fc300d842173988ef10733d52eb3ee39417ea4a758c0febc842094247059b37e5d09529256a6716d15e376d16c
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot Loader Component
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-