General
-
Target
3362BD012EF7C6F173D8D16D17769B49E611744AD2548.dll
-
Size
3.7MB
-
Sample
220331-mrnkfsafa4
-
MD5
d0b45cacfd3dc46aaa82085a1ef52774
-
SHA1
55b6fd06a14cf58aa9cc462a2e7c614b4121d986
-
SHA256
3362bd012ef7c6f173d8d16d17769b49e611744ad254844fd29817bbdd4d437b
-
SHA512
c704258aa1e76b5205d2603953421b48e3a1761eb3faa1a84f56f8433e7d02877e98a5f2caaa4444f8a0c163b125bde9ffbe557a39d8b63602105891c37f9312
Malware Config
Extracted
danabot
1755
3
193.34.167.163:443
134.119.186.198:443
78.138.98.136:443
104.168.156.222:443
-
embedded_hash
82C66843DE542BC5CB88F713DE39B52B
-
type
main
Targets
-
-
Target
3362BD012EF7C6F173D8D16D17769B49E611744AD2548.dll
-
Size
3.7MB
-
MD5
d0b45cacfd3dc46aaa82085a1ef52774
-
SHA1
55b6fd06a14cf58aa9cc462a2e7c614b4121d986
-
SHA256
3362bd012ef7c6f173d8d16d17769b49e611744ad254844fd29817bbdd4d437b
-
SHA512
c704258aa1e76b5205d2603953421b48e3a1761eb3faa1a84f56f8433e7d02877e98a5f2caaa4444f8a0c163b125bde9ffbe557a39d8b63602105891c37f9312
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-