General
-
Target
1d0ad539b47c26678368a7d47094ea7fa0fe1c4eec1e0b214bda5196f9c07a96
-
Size
5.9MB
-
Sample
220607-fkfspshhe2
-
MD5
debbd1183c0e2fbbd3d5fa4e4f4a4af5
-
SHA1
9f4a84f7cf49fff638d8b4a0e5307cd23bbb69f0
-
SHA256
1d0ad539b47c26678368a7d47094ea7fa0fe1c4eec1e0b214bda5196f9c07a96
-
SHA512
080d0a2d03eb797078e284aa133b8edeeed0ef6468018580e45887b392da6a054024370f5e8d6576ff5dcc1ff42f2f40b92f125b29c55f1c8c72b5bfb6bd198c
Malware Config
Extracted
danabot
1765
3
192.3.26.107:443
193.34.167.88:443
134.119.186.216:443
192.210.198.12:443
-
embedded_hash
A3CC9056F97D33ED99C3617A0B08AA79
-
type
main
Targets
-
-
Target
1d0ad539b47c26678368a7d47094ea7fa0fe1c4eec1e0b214bda5196f9c07a96
-
Size
5.9MB
-
MD5
debbd1183c0e2fbbd3d5fa4e4f4a4af5
-
SHA1
9f4a84f7cf49fff638d8b4a0e5307cd23bbb69f0
-
SHA256
1d0ad539b47c26678368a7d47094ea7fa0fe1c4eec1e0b214bda5196f9c07a96
-
SHA512
080d0a2d03eb797078e284aa133b8edeeed0ef6468018580e45887b392da6a054024370f5e8d6576ff5dcc1ff42f2f40b92f125b29c55f1c8c72b5bfb6bd198c
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-