General
-
Target
D5755ED76CF2ACCD1E0A164877E72A9C568375AB9800F.dll
-
Size
5.7MB
-
Sample
220626-wfp4ksbggl
-
MD5
2c64ac9bca9c9d43dcd511ec119db8d0
-
SHA1
7a2bdb27333baaef59309cca8acda19969e019cd
-
SHA256
d5755ed76cf2accd1e0a164877e72a9c568375ab9800f931342ff9ac2d94263f
-
SHA512
66a95ad6a8510ef47b3449e95ce4fbc89610cdfde5348cb31599cff9956fe256d1a014a5c372c2fdc7e9a0254955104fb22c5455de7f747a250f25973adb0ad9
Malware Config
Extracted
danabot
1765
3
192.236.146.203:443
192.236.162.42:443
192.3.26.98:443
142.44.224.16:443
-
embedded_hash
B2585F6479280F48B64C99F950BBF36D
-
type
main
Targets
-
-
Target
D5755ED76CF2ACCD1E0A164877E72A9C568375AB9800F.dll
-
Size
5.7MB
-
MD5
2c64ac9bca9c9d43dcd511ec119db8d0
-
SHA1
7a2bdb27333baaef59309cca8acda19969e019cd
-
SHA256
d5755ed76cf2accd1e0a164877e72a9c568375ab9800f931342ff9ac2d94263f
-
SHA512
66a95ad6a8510ef47b3449e95ce4fbc89610cdfde5348cb31599cff9956fe256d1a014a5c372c2fdc7e9a0254955104fb22c5455de7f747a250f25973adb0ad9
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
suricata: ET MALWARE Danabot Key Exchange Request
suricata: ET MALWARE Danabot Key Exchange Request
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-