General
-
Target
276acdc4dcceaf48ba99db546a3227e1d624bb93cf0c075480b1aba5967f95dd
-
Size
3.7MB
-
Sample
220319-nlhyfsgghk
-
MD5
06ab0e5f5b6350856b78b42a487b9bc1
-
SHA1
f99e9e1b2b05a239f88090ce0a0366d57d5c1805
-
SHA256
276acdc4dcceaf48ba99db546a3227e1d624bb93cf0c075480b1aba5967f95dd
-
SHA512
f29f6f2e70dabb88d92dc3f5a36c7a9710f8e2b1b4798c4b8c9cb21e48e1bb4be5ceb4939b4afc6cf846c77c9bfdd0b48f182d18c8a9ae17b0773e7f4efb640d
Malware Config
Extracted
danabot
1732
3
167.114.188.63:443
23.106.123.249:443
51.195.73.129:443
167.114.188.38:443
-
embedded_hash
E1D3580C52F82AF2B3596E20FB85D9F4
-
type
main
Targets
-
-
Target
276acdc4dcceaf48ba99db546a3227e1d624bb93cf0c075480b1aba5967f95dd
-
Size
3.7MB
-
MD5
06ab0e5f5b6350856b78b42a487b9bc1
-
SHA1
f99e9e1b2b05a239f88090ce0a0366d57d5c1805
-
SHA256
276acdc4dcceaf48ba99db546a3227e1d624bb93cf0c075480b1aba5967f95dd
-
SHA512
f29f6f2e70dabb88d92dc3f5a36c7a9710f8e2b1b4798c4b8c9cb21e48e1bb4be5ceb4939b4afc6cf846c77c9bfdd0b48f182d18c8a9ae17b0773e7f4efb640d
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-