General
-
Target
001b027326f1f5c85828de1a2d2795a6ad5648a75b4c837ffa453202e7c980af
-
Size
4.9MB
-
Sample
220516-1e9ttaadh5
-
MD5
b3ac1bb9077189033e3d426090d86155
-
SHA1
dae9827f34d94179aa956c12012b3472c8a74fb3
-
SHA256
001b027326f1f5c85828de1a2d2795a6ad5648a75b4c837ffa453202e7c980af
-
SHA512
6cf5cc1ad10096e00405a5fc675300db67405f326839107c5656442e1173c5cdb13a0efaaf3a54b875695e1381b7402682d9421125e76cba82b5f65751572f12
Malware Config
Extracted
danabot
1732
3
23.226.132.92:443
23.106.123.249:443
108.62.141.152:443
104.144.64.163:443
-
embedded_hash
49574F66CD0103BBD725C08A9805C2BE
-
type
main
Targets
-
-
Target
001b027326f1f5c85828de1a2d2795a6ad5648a75b4c837ffa453202e7c980af
-
Size
4.9MB
-
MD5
b3ac1bb9077189033e3d426090d86155
-
SHA1
dae9827f34d94179aa956c12012b3472c8a74fb3
-
SHA256
001b027326f1f5c85828de1a2d2795a6ad5648a75b4c837ffa453202e7c980af
-
SHA512
6cf5cc1ad10096e00405a5fc675300db67405f326839107c5656442e1173c5cdb13a0efaaf3a54b875695e1381b7402682d9421125e76cba82b5f65751572f12
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-