General
-
Target
2440BCFC9D60EE999043CB9D569F64770BB2F34C7B306.dll
-
Size
3.7MB
-
Sample
220625-xa6ptahgf3
-
MD5
9c350ccd29f23ffa49bf7fa022ff57bd
-
SHA1
ae63c2a670e3b1e8338f10585d13caf08a5e8b1b
-
SHA256
2440bcfc9d60ee999043cb9d569f64770bb2f34c7b306f76f77c0dc081a435e3
-
SHA512
44b0b127674ad90995fbcec8f937078c518c237054269dd1b5588454fe7501ab73721131749777e10a58d7dbd8efc8866e259b01978bdd6bcda3fc4ec0d73898
Malware Config
Extracted
danabot
1755
3
167.114.188.34:443
172.93.201.39:1024
192.236.192.241:443
45.147.228.212:443
-
embedded_hash
CF4A570E177DE0D08BB5A391C595CBD7
-
type
main
Targets
-
-
Target
2440BCFC9D60EE999043CB9D569F64770BB2F34C7B306.dll
-
Size
3.7MB
-
MD5
9c350ccd29f23ffa49bf7fa022ff57bd
-
SHA1
ae63c2a670e3b1e8338f10585d13caf08a5e8b1b
-
SHA256
2440bcfc9d60ee999043cb9d569f64770bb2f34c7b306f76f77c0dc081a435e3
-
SHA512
44b0b127674ad90995fbcec8f937078c518c237054269dd1b5588454fe7501ab73721131749777e10a58d7dbd8efc8866e259b01978bdd6bcda3fc4ec0d73898
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-