General
-
Target
b829aad995c6c45d5fc165e416ab68ba662671cb6a82dd5d5d7bbe4c494ab779
-
Size
1.2MB
-
Sample
211023-nd8txadcbq
-
MD5
1eac7f66a6e29dffc70869dad6ffa80c
-
SHA1
3cbd5459c517748b288a12e373a3e0d2ce13dda3
-
SHA256
b829aad995c6c45d5fc165e416ab68ba662671cb6a82dd5d5d7bbe4c494ab779
-
SHA512
038cc09c11bf6c11d5fd152d7c9d392f109e21fba96aa7c2a61e569bf1b6e5813334ee2fae51f917757150a03c36c1f6c0c46fd098732ecb3a14a456633dd24e
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
b829aad995c6c45d5fc165e416ab68ba662671cb6a82dd5d5d7bbe4c494ab779
-
Size
1.2MB
-
MD5
1eac7f66a6e29dffc70869dad6ffa80c
-
SHA1
3cbd5459c517748b288a12e373a3e0d2ce13dda3
-
SHA256
b829aad995c6c45d5fc165e416ab68ba662671cb6a82dd5d5d7bbe4c494ab779
-
SHA512
038cc09c11bf6c11d5fd152d7c9d392f109e21fba96aa7c2a61e569bf1b6e5813334ee2fae51f917757150a03c36c1f6c0c46fd098732ecb3a14a456633dd24e
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-