General
-
Target
3c7e197fad4ea9b6cb56a171bc02512f02bc34d71af5938eb88b200d734d7215
-
Size
2.1MB
-
Sample
220703-h4j1ksabcm
-
MD5
75a5177701e3c6406320416086ee4557
-
SHA1
0586a2cbc1aef53a92c5a84bea0469145d79de6a
-
SHA256
3c7e197fad4ea9b6cb56a171bc02512f02bc34d71af5938eb88b200d734d7215
-
SHA512
9a2be75304f7d9596b6da44905c68ecc860a1a7d163e51cbd6dbfd969ab7aa8357a758f977d1ed02733642f00536d37c8f909463ed1829695869136bffb26400
Malware Config
Extracted
danabot
181.63.44.194
207.148.83.108
45.77.40.71
87.115.138.169
24.229.48.7
116.111.206.27
45.196.143.203
218.65.3.199
131.59.110.186
113.81.97.96
Targets
-
-
Target
CRA_INV_2019_479426239721/CRA_INV_2019_479426239721.vbs
-
Size
24.2MB
-
MD5
3818ef620d826c62136f450c32429ae5
-
SHA1
1297b772ec42586ce1c6db624e8948cbe265710d
-
SHA256
38c668144becb1199196394ad78df6694c86597a283aea61bd036dc1da2eef62
-
SHA512
9789441d9a76f62213ce9889422241c6732ec21ab4ddfff4b596136d327d393c03f8c2f0973b07fd88c7d21c1149d1418d3c153b6b802562ad4b9035ebe78c00
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-