General
-
Target
7e769cd47b1876618898bf11f6cf4ad7afbe139d4c3b4f34361d0b13ec85fa76
-
Size
1.2MB
-
Sample
211024-tan8zsfdgr
-
MD5
0e433e3c32ac23b4faca1b2c9ff01971
-
SHA1
973db4d2f17e0dc8a627acbd146fab36c4e659d5
-
SHA256
7e769cd47b1876618898bf11f6cf4ad7afbe139d4c3b4f34361d0b13ec85fa76
-
SHA512
089bb30bbfecb9d79e81824d521bf159795ca1522fb7e7d63878afaf79807dafc1d14c138bc784b8d30956a4c0b6928b635d6eb3179fb1e16b8b1fd9cf6fbbe1
Malware Config
Extracted
danabot
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
loader
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
-
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
-
type
main
Targets
-
-
Target
7e769cd47b1876618898bf11f6cf4ad7afbe139d4c3b4f34361d0b13ec85fa76
-
Size
1.2MB
-
MD5
0e433e3c32ac23b4faca1b2c9ff01971
-
SHA1
973db4d2f17e0dc8a627acbd146fab36c4e659d5
-
SHA256
7e769cd47b1876618898bf11f6cf4ad7afbe139d4c3b4f34361d0b13ec85fa76
-
SHA512
089bb30bbfecb9d79e81824d521bf159795ca1522fb7e7d63878afaf79807dafc1d14c138bc784b8d30956a4c0b6928b635d6eb3179fb1e16b8b1fd9cf6fbbe1
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-