General
-
Target
29ed67715882fc2294d0aaea64c4cd79697522a95d7a554d1c6b73ccd7b76d9e
-
Size
3.7MB
-
Sample
220319-v1mcraegf9
-
MD5
80c8fc3e4f8f3d60fc03b6cbef598e77
-
SHA1
7c3e8ebc0ed2cad7d0f46eb7d99d15ade70c72ee
-
SHA256
29ed67715882fc2294d0aaea64c4cd79697522a95d7a554d1c6b73ccd7b76d9e
-
SHA512
61e12040d1b6252893f6913b18e190f9818c210e50309857863a3213d55a07c4c1bd8cb1d3489c6805ae698ec4c289eff24b3970dba78d24a08db6fcf3711e61
Malware Config
Extracted
danabot
1732
3
23.106.123.249:443
64.188.20.187:443
108.62.118.103:443
104.227.34.227:443
-
embedded_hash
7851EC18309CA04099F7F0BE42FF6C04
-
type
main
Targets
-
-
Target
29ed67715882fc2294d0aaea64c4cd79697522a95d7a554d1c6b73ccd7b76d9e
-
Size
3.7MB
-
MD5
80c8fc3e4f8f3d60fc03b6cbef598e77
-
SHA1
7c3e8ebc0ed2cad7d0f46eb7d99d15ade70c72ee
-
SHA256
29ed67715882fc2294d0aaea64c4cd79697522a95d7a554d1c6b73ccd7b76d9e
-
SHA512
61e12040d1b6252893f6913b18e190f9818c210e50309857863a3213d55a07c4c1bd8cb1d3489c6805ae698ec4c289eff24b3970dba78d24a08db6fcf3711e61
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-