General
-
Target
b99d1777f962921c3d072a2a07e6e4d8c04e8cda6df8aa79a5c299d756fc603a
-
Size
1.2MB
-
Sample
211022-w1v6bschaq
-
MD5
d71597356926d1bccb85857759a5787b
-
SHA1
a7c4f155f6a86d349f64328d8625ec95b2dd1bfe
-
SHA256
b99d1777f962921c3d072a2a07e6e4d8c04e8cda6df8aa79a5c299d756fc603a
-
SHA512
ae880658d44d911a0ca9a1e676b35ad06a4f67019e19e3adffb1ba55e46821644bcda68238710a3bdf8bd91aa4da9b2994c7616f0b78b75ac4e2d397f89c1e1d
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
b99d1777f962921c3d072a2a07e6e4d8c04e8cda6df8aa79a5c299d756fc603a
-
Size
1.2MB
-
MD5
d71597356926d1bccb85857759a5787b
-
SHA1
a7c4f155f6a86d349f64328d8625ec95b2dd1bfe
-
SHA256
b99d1777f962921c3d072a2a07e6e4d8c04e8cda6df8aa79a5c299d756fc603a
-
SHA512
ae880658d44d911a0ca9a1e676b35ad06a4f67019e19e3adffb1ba55e46821644bcda68238710a3bdf8bd91aa4da9b2994c7616f0b78b75ac4e2d397f89c1e1d
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-