General
-
Target
78cb5d4011de6debecdeb09d5004bcb2fc06e43e66a0dab113caa94972d3d6fc
-
Size
3.7MB
-
Sample
220320-bnyqgaeabr
-
MD5
0d509e2a7e135a73ee1c1dff6d33c17e
-
SHA1
4a071bb0f6a7c617066a1b9a49757e345c463b92
-
SHA256
78cb5d4011de6debecdeb09d5004bcb2fc06e43e66a0dab113caa94972d3d6fc
-
SHA512
e258ffe2e12ca86e1360e8284a7f8f96d9866ebc432911aa6f9d330265d7a8a6f790b9019aa4798642a595213bde2c7533f458b1e94559addc86d2e9f3c3b433
Malware Config
Extracted
danabot
1732
3
167.114.188.63:443
64.188.20.187:443
192.241.101.68:443
51.195.73.129:443
-
embedded_hash
E1D3580C52F82AF2B3596E20FB85D9F4
-
type
main
Targets
-
-
Target
78cb5d4011de6debecdeb09d5004bcb2fc06e43e66a0dab113caa94972d3d6fc
-
Size
3.7MB
-
MD5
0d509e2a7e135a73ee1c1dff6d33c17e
-
SHA1
4a071bb0f6a7c617066a1b9a49757e345c463b92
-
SHA256
78cb5d4011de6debecdeb09d5004bcb2fc06e43e66a0dab113caa94972d3d6fc
-
SHA512
e258ffe2e12ca86e1360e8284a7f8f96d9866ebc432911aa6f9d330265d7a8a6f790b9019aa4798642a595213bde2c7533f458b1e94559addc86d2e9f3c3b433
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-