General
-
Target
d33414cda6d3dc0469ac0ea732566c2533ac92711f5f4cfab9674b20afd8c18e
-
Size
1.1MB
-
Sample
220112-3rfslsefem
-
MD5
3e4ba6b9dd120bbeb6e828c6c6f69aa7
-
SHA1
6c87adedd42d47721fa59327a5bbf9ff4d5b5c77
-
SHA256
d33414cda6d3dc0469ac0ea732566c2533ac92711f5f4cfab9674b20afd8c18e
-
SHA512
759cd51f63d438773ec8e859643774e6e52c0846f6536ad6364f3ecf86f1e6385c1acb80abaf27271b61fe8ea2896a26d59606240f78e94203f4f8aa61f78713
Malware Config
Extracted
danabot
4
103.175.16.113:443
103.175.16.114:443
-
embedded_hash
422236FD601D11EE82825A484D26DD6F
-
type
loader
Extracted
danabot
2108
4
103.175.16.113:443
103.175.16.114:443
-
embedded_hash
422236FD601D11EE82825A484D26DD6F
-
type
main
Targets
-
-
Target
d33414cda6d3dc0469ac0ea732566c2533ac92711f5f4cfab9674b20afd8c18e
-
Size
1.1MB
-
MD5
3e4ba6b9dd120bbeb6e828c6c6f69aa7
-
SHA1
6c87adedd42d47721fa59327a5bbf9ff4d5b5c77
-
SHA256
d33414cda6d3dc0469ac0ea732566c2533ac92711f5f4cfab9674b20afd8c18e
-
SHA512
759cd51f63d438773ec8e859643774e6e52c0846f6536ad6364f3ecf86f1e6385c1acb80abaf27271b61fe8ea2896a26d59606240f78e94203f4f8aa61f78713
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot Loader Component
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-