General
-
Target
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
Size
5.9MB
-
Sample
220701-adjywsddfl
-
MD5
1a936161249cbe295daaa2affaff158e
-
SHA1
a2f6df81c77867f2399e6b7727c7b22a0ebadbab
-
SHA256
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
SHA512
959484f87d1b6864379d5f6faa26e7202137449f275e2824d0095ff823ad8ba2ef957c1c82781e45cfda4c35104b9a573da5690473267fafb4c3bcf9daa4986a
Malware Config
Extracted
danabot
1827
3
23.81.246.201:443
23.254.225.170:443
134.119.186.216:443
23.106.123.185:443
-
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
-
type
main
Targets
-
-
Target
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
Size
5.9MB
-
MD5
1a936161249cbe295daaa2affaff158e
-
SHA1
a2f6df81c77867f2399e6b7727c7b22a0ebadbab
-
SHA256
3f93657bc7af36dbba53d87baf8ec9c2126fdf1d896ff90b8504ebc2a532aa06
-
SHA512
959484f87d1b6864379d5f6faa26e7202137449f275e2824d0095ff823ad8ba2ef957c1c82781e45cfda4c35104b9a573da5690473267fafb4c3bcf9daa4986a
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-